On Wed, 10 Jan 2001, Chris Mason wrote:

> Ah thanks, that makes more sense. But, copy_to_user is only working on
> namelen bytes, and reclen is bigger than that. So, who is checking the
> value for the buf->current_dir pointer?

Look at the thing again. Especially at the place where reclen is calculated.
Notice the calls of put_user() before and after copy_to_user(). Add them up.
Round.
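The accounting the reply points to, as an added example that is not part of the original message and not kernel source: a userspace model in which every write into the user buffer goes through a range-checked accessor, so the checked writes can be added up and compared with the rounded reclen. The record layout, `checked_access`, `emit_record`, `unchecked_slack` and the 512-byte buffer are assumptions made for this model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout for this model (not copied from kernel source). */
struct model_dirent {
    unsigned long  d_ino;
    unsigned long  d_off;
    unsigned short d_reclen;
    char           d_name[1];
};
#define NAME_OFFSET offsetof(struct model_dirent, d_name)
#define ROUND_UP(x) (((x) + sizeof(long) - 1) & ~(sizeof(long) - 1))
#define BUF_SIZE 512                     /* constructed user-buffer size */

static unsigned char touched[BUF_SIZE];  /* 1 = byte covered by a checked access */

/* Stand-in for put_user()/copy_to_user(): range-check, then mark the bytes. */
static int checked_access(size_t off, size_t len)
{
    if (off > BUF_SIZE || len > BUF_SIZE - off)
        return -1;                       /* refused: range is outside the buffer */
    memset(touched + off, 1, len);
    return 0;
}

/* One record at offset cur; returns reclen, or 0 if an access was refused. */
static size_t emit_record(size_t cur, size_t namlen)
{
    size_t reclen = ROUND_UP(NAME_OFFSET + namlen + 1);
    if (checked_access(cur + offsetof(struct model_dirent, d_ino), sizeof(unsigned long)) ||
        checked_access(cur + offsetof(struct model_dirent, d_reclen), sizeof(unsigned short)) ||
        checked_access(cur + NAME_OFFSET, namlen) ||        /* the name copy */
        checked_access(cur + NAME_OFFSET + namlen, 1))      /* the NUL stored after it */
        return 0;
    return reclen;
}

/* Bytes of reclen that lie past the last byte covered by a checked access. */
static size_t unchecked_slack(size_t namlen)
{
    size_t reclen, end = BUF_SIZE;
    memset(touched, 0, sizeof touched);
    reclen = emit_record(0, namlen);
    while (end > 0 && !touched[end - 1]) end--;
    return reclen - end;
}

int main(void) { printf("slack for namlen 1: %zu\n", unchecked_slack(1)); return 0; }
```

In this model the only part of reclen not covered by a checked access is the rounding padding, which is always smaller than `sizeof(long)`, and a record that would run off the end of the buffer is refused by the accessor.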