kernel_optimize_test/drivers
James Chapman 6b6707a50c l2tp: Fix potential memory corruption in pppol2tp_recvmsg()
This patch fixes a potential memory corruption in
pppol2tp_recvmsg(). If skb->len is bigger than the caller's buffer
length, memcpy_toiovec() will go into unintialized data on the kernel
heap, interpret it as an iovec and start modifying memory.

The fix is to change the memcpy_toiovec() call to
skb_copy_datagram_iovec() so that paged packets (rare for PPPOL2TP)
are handled properly. Also check that the caller's buffer is big
enough for the data and set the MSG_TRUNC flag if it is not so.

Reported-by: Ilja <ilja@netric.org>
Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10 12:35:00 -07:00
..
accessibility
acorn/char
acpi acpi: fix integer as NULL pointer warning 2008-05-23 08:11:06 -07:00
amba
ata ahci: change the Device IDs of nvidia MCP7B AHCI controller in ahci.c 2008-05-30 12:40:28 -04:00
atm drivers/atm/: remove CVS keywords 2008-05-20 14:52:25 -07:00
auxdisplay
base driver-core: prepare for 2.6.27 api change by adding dev_set_name 2008-05-29 21:10:01 -07:00
block virtio_blk: allow read-only disks 2008-05-30 15:09:44 +10:00
bluetooth
cdrom [POWERPC] iSeries: Remove unused mail address 2008-05-23 16:45:04 +10:00
char virtio: An entropy device, as suggested by hpa. 2008-05-30 15:09:44 +10:00
clocksource
connector
cpufreq [CPUFREQ] fix double unlock of cpu_policy_rwsem in drivers/cpufreq/cpufreq.c 2008-05-29 12:10:12 -04:00
cpuidle
crypto
dca
dio
dma iop-adma: fixup some kzalloc/memset confusions 2008-05-20 13:51:20 -07:00
edac edac: mpc85xx: fix building as a module 2008-05-24 09:56:13 -07:00
eisa
firewire firewire: prevent userspace from accessing shut down devices 2008-05-20 18:24:17 +02:00
firmware
gpio gpiolib: fix off by one errors 2008-05-24 09:56:11 -07:00
hid HID: remove CVS keywords 2008-05-20 16:44:43 +02:00
hwmon ibmaem: new driver for power/energy/temp meters in IBM System X hardware 2008-05-24 09:56:08 -07:00
i2c i2c/max6875: Really prevent 24RF08 corruption 2008-05-18 20:49:41 +02:00
ide ide: fix race in device_create 2008-05-20 13:31:54 -07:00
ieee1394 ieee1394: sbp2: use correct size of command descriptor block 2008-05-20 18:24:17 +02:00
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2008-05-23 11:11:44 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2008-05-30 10:17:19 -07:00
isdn isdn: fix integer as NULL pointer warning 2008-05-23 08:11:06 -07:00
leds LEDS: fix race in device_create 2008-05-20 13:31:55 -07:00
lguest virtio: set device index in common code. 2008-05-30 15:09:42 +10:00
macintosh [POWERPC] macintosh: Replace deprecated __initcall with device_initcall 2008-05-15 20:50:00 +10:00
mca
md md: restart recovery cleanly after device failure. 2008-05-24 09:56:10 -07:00
media tuner: Do not alter i2c_client.name 2008-05-26 16:08:40 +02:00
memstick
message
mfd HTC_EGPIO is ARM-only 2008-05-21 16:56:00 -07:00
misc acpi: fix sparse const errors 2008-05-30 07:43:24 -07:00
mmc missing dependencies on HAS_DMA 2008-05-21 16:55:59 -07:00
mtd ck804rom: fix driver_data in probe table. 2008-05-27 07:34:38 -07:00
net l2tp: Fix potential memory corruption in pppol2tp_recvmsg() 2008-06-10 12:35:00 -07:00
nubus
of [POWERPC] Add null pointer check to of_find_property 2008-05-15 20:49:49 +10:00
oprofile oprofile: don't request cache line alignment for cpu_buffer 2008-05-14 19:11:12 -07:00
parisc drivers/parisc: replace remaining __FUNCTION__ occurrences 2008-05-15 10:38:54 -04:00
parport
pci PCI: fix rpadlpar pci hotplug driver sysfs usage 2008-05-30 09:50:46 -07:00
pcmcia electra_cf: Add MODULE_DEVICE_TABLE() 2008-05-27 16:07:45 -05:00
pnp Clean up 'print_fn_descriptor_symbol()' types 2008-05-15 17:50:37 -07:00
power Power Supply: fix race in device_create 2008-05-20 13:31:55 -07:00
ps3
rapidio
rtc
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus 2008-05-30 10:20:03 -07:00
sbus sbus bpp: instances missed in s/dev_name/bpp_dev_name/ 2008-05-21 16:55:59 -07:00
scsi scsi: fix integer as NULL pointer warning 2008-05-23 08:11:07 -07:00
serial 8250 Serial Driver: revert extra IRQ flag definition patch 2008-05-31 16:10:04 +08:00
sh
sn
spi spi: remove some spidev oops-on-rmmod paths 2008-05-24 09:56:14 -07:00
ssb ssb: Fix context assertion in ssb_pcicore_dev_irqvecs_enable 2008-06-04 15:57:10 -04:00
tc
telephony
thermal
uio UIO: fix race in device_create 2008-05-20 13:31:55 -07:00
usb Revert "USB: EHCI: fix performance regression" 2008-05-29 19:43:27 -07:00
video Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm 2008-05-24 10:13:16 -07:00
virtio virtio: force callback on empty. 2008-05-30 15:09:46 +10:00
w1
watchdog drivers/watchdog/geodewdt.c: build fix 2008-05-30 10:16:58 -07:00
xen
zorro
Kconfig
Makefile