On Tue, Oct 21, 2014 at 02:59:58PM +0200, Matej Mužila wrote:
> > sizeof(__u8) is by definition 1 so it's perhaps surplus ?
> Now the size is now determined from the structure definition in
> include/uapi/linux/hyperv.h
>
> > - C style comments for coding style
> Fixed
>
> > Also your patch block
> sizeof(__u8) is by definition 1 so it's perhaps surplus ?
Now the size is now determined from the structure definition in
include/uapi/linux/hyperv.h
> - C style comments for coding style
Fixed
> Also your patch block is devoid of a few thins like the file name...
I'm sorry, the (missing) filen
On Tue, 21 Oct 2014 13:49:00 +0200
Matej Mužila wrote:
> From: Matej Mužila
>
> Check if cpmsg->size is in limits of DATA_FRAGMENT
>
> Signed-off-by: Matej Mužila
> Acked-by: K. Y. Srinivasan
> ---
> If corrupted data are read from /dev/vmbus/hv_fcopy, pwrite can
> read from memory outside
From: Matej Mužila
Check if cpmsg->size is in limits of DATA_FRAGMENT
Signed-off-by: Matej Mužila
Acked-by: K. Y. Srinivasan
---
If corrupted data are read from /dev/vmbus/hv_fcopy, pwrite can
read from memory outside of the buffer (defined at line 138).
Added check.
---
@@ -104,6 +104,10 @@
