github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
89d3e39b27
linux/arch
History
Dan Rosenberg f40fe91c33 ARM: 6891/1: prevent heap corruption in OABI semtimedop 
commit 0f22072ab5 upstream.

When CONFIG_OABI_COMPAT is set, the wrapper for semtimedop does not
bound the nsops argument.  A sufficiently large value will cause an
integer overflow in allocation size, followed by copying too much data
into the allocated buffer.  Fix this by restricting nsops to SEMOPM.
Untested.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-09 15:54:58 -07:00
..
alpha alpha: Fix printk format errors 2010-09-26 17:21:43 -07:00
arm ARM: 6891/1: prevent heap corruption in OABI semtimedop 2011-05-09 15:54:58 -07:00
avr32 untangle the do_mremap() mess 2010-01-18 10:19:11 -08:00
blackfin Blackfin: set ARCH_KMALLOC_MINALIGN 2010-07-05 11:10:50 -07:00
cris untangle the do_mremap() mess 2010-01-18 10:19:11 -08:00
frv frv: set ARCH_KMALLOC_MINALIGN 2010-07-05 11:10:49 -07:00
h8300 untangle the do_mremap() mess 2010-01-18 10:19:11 -08:00
ia64 mca.c: Fix cast from integer to pointer warning 2011-04-22 08:44:15 -07:00
m32r untangle the do_mremap() mess 2010-01-18 10:19:11 -08:00
m68k m68k/mm: Set all online nodes in N_NORMAL_MEMORY 2011-05-09 15:54:53 -07:00
m68knommu untangle the do_mremap() mess 2010-01-18 10:19:11 -08:00
microblaze microblaze: Fix build with make 3.82 2010-12-09 13:26:34 -08:00
mips MIPS: MTX-1: Make au1000_eth probe all PHY addresses 2011-03-23 13:16:38 -07:00
mn10300 mn10300: set ARCH_KMALLOC_MINALIGN 2010-07-05 11:10:47 -07:00
parisc set memory ranges in N_NORMAL_MEMORY when onlined 2011-05-09 15:54:52 -07:00
powerpc powerpc: Fix default_machine_crash_shutdown #ifdef botch 2011-04-14 16:53:43 -07:00
s390 s390: remove task_show_regs 2011-03-02 09:46:49 -05:00
score untangle the do_mremap() mess 2010-01-18 10:19:11 -08:00
sh sh: Fix FDPIC binary loader 2010-04-26 07:41:17 -07:00
sparc sparc: Prevent no-handler signal syscall restart recursion. 2010-12-09 13:27:07 -08:00
um uml: disable winch irq before freeing handler data 2010-12-09 13:27:01 -08:00
x86 x86, AMD: Fix APIC timer erratum 400 affecting K8 Rev.A-E processors 2011-05-09 15:54:58 -07:00
xtensa xtensa: set ARCH_KMALLOC_MINALIGN 2010-07-05 11:10:50 -07:00
.gitignore
Kconfig oprofile: remove tracing build dependency 2010-03-15 08:49:47 -07:00