linux/drivers/mtd
Jann Horn 1533250294 mtdchar: fix overflows in adjustment of count
[ Upstream commit 6c6bc9ea84 ]

The first checks in mtdchar_read() and mtdchar_write() attempt to limit
`count` such that `*ppos + count <= mtd->size`. However, they ignore the
possibility of `*ppos > mtd->size`, allowing the calculation of `count` to
wrap around. `mtdchar_lseek()` prevents seeking beyond mtd->size, but the
pread/pwrite syscalls bypass this.

I haven't found any codepath on which this actually causes dangerous
behavior, but it seems like a sensible change anyway.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-26 08:35:08 +02:00
chips mtd: cfi_cmdset_0002: Change erase functions to check chip good only 2018-07-11 16:03:51 +02:00
devices MTD updates for 4.4-rc1: 2015-11-06 11:50:24 -08:00
lpddr
maps mtd/maps: fix solutionengine.c printk format warnings 2018-09-26 08:35:05 +02:00
nand mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages 2018-08-06 16:24:36 +02:00
onenand mtd: onenand: fix deadlock in onenand_block_markbad 2016-04-12 09:09:05 -07:00
spi-nor mtd: spi-nor: fix spansion quad enable 2017-06-29 12:48:52 +02:00
tests
ubi mtd: ubi: wl: Fix error return code in ubi_wl_init() 2018-09-19 22:49:00 +02:00
afs.c
ar7part.c
bcm47xxpart.c mtd: bcm47xxpart: don't fail because of bit-flips 2017-07-05 14:37:18 +02:00
bcm63xxpart.c
cmdlinepart.c
ftl.c
inftlcore.c
inftlmount.c
Kconfig
Makefile
mtd_blkdevs.c
mtdblock_ro.c
mtdblock.c
mtdchar.c mtdchar: fix overflows in adjustment of count 2018-09-26 08:35:08 +02:00
mtdconcat.c
mtdcore.c mtd: fix cmdlinepart parser, early naming for auto-filled MTD 2016-01-04 10:54:18 -08:00
mtdcore.h
mtdoops.c
mtdpart.c
mtdsuper.c
mtdswap.c
nftlcore.c
nftlmount.c
ofpart.c doc: dt: mtd: partitions: add compatible property to "partitions" node 2015-12-08 17:10:20 -08:00
redboot.c
rfd_ftl.c
sm_ftl.c
sm_ftl.h
ssfdc.c