To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [CHECKER] 15 probable security holes in 2.4.5-ac8
Date: Mon, 11 Jun 2001 15:45:07 +0200 (CEST)
From: [EMAIL PROTECTED] (Joerg Reuter)
>> [BUG] (but i'm not sure whey we're missing the initial irq).
>> /u2/engler/mc/oses/linux/2.4.5-ac8/drivers/net/hamradio/scc.c:1772:scc_net_ioctl:
>ERROR:RANGE:1762:1772: Using user length "irq"as an array index for "Ivec" set by
>'copy_from_user':1762 [val=1000]
>> if (!arg) return -EFAULT;
>
>Thats a real bug for other reaosns.
Nah, just a misconception (NB: the whole scc driver initialization is crap
anyway -- but that part was written before we even had procfs; the next
version will use procfs, but I'm not quite convinced that my current
approach for the rewrite is correct. Fact is that the driver has to support
far too many different parameters). The next version will also use
the ISR of your z85230 HDLC driver, the z8530 seems to occasionally
overwrite it's interrupt vector register with new status information
before the old one was read.
> the iRQ might be > 16 on APIC using hosts
They won't assign IRQs above 15 for ISA cards, will they?
I gravely hope that nobody gets the idea to design a PCI card
for the Z8530 without bus master DMA...
>or non x86
Granted. But I've no reports that anyone actually tried that,
especially as the (unmodified) driver is only useful for packet radio
purposes.
>Both fixed
How? ;-)
73,
--
Joerg Reuter DL1BKE http://yaina.de/jreuter
And I make my way to where the warm scent of soil fills the evening air.
Everything is waiting quietly out there.... (Anne Clark)
PGP signature
