Re: [patch] [SCSI] aacraid: prevent ZERO_SIZE_PTR dereference

2013-10-30 Thread Dan Carpenter
On Tue, Oct 29, 2013 at 10:10:07PM +0300, Dan Carpenter wrote:
> Due to a missing capable() check in the compat ioctls then this error
> can be triggered without CAP_SYS_RAWIO. I have fixed that in a separate
> patch.

Actually, CAP_SYS_RAWIO is checked at the start of the function. However my o

Re: [patch] [SCSI] aacraid: prevent ZERO_SIZE_PTR dereference

2013-10-29 Thread Linus Torvalds
On Tue, Oct 29, 2013 at 1:06 PM, Dan Carpenter wrote:
> You and James are right. It should be checking against the sizeof().
> I will send a v2 tomorrow. Sorry about that.

Looking some more at this, I have to say that I absolutely detest those aacraid structures. And I'm not sure that sizeof()

Re: [patch] [SCSI] aacraid: prevent ZERO_SIZE_PTR dereference

2013-10-29 Thread Dan Carpenter
You and James are right. It should be checking against the sizeof(). I will send a v2 tomorrow. Sorry about that.

regards,
dan carpenter

Re: [patch] [SCSI] aacraid: prevent ZERO_SIZE_PTR dereference

2013-10-29 Thread Linus Torvalds
On Tue, Oct 29, 2013 at 12:10 PM, Dan Carpenter wrote:
> If "fibsize" is zero then it leads to a ZERO_SIZE_PTR dereference when
> we dereference user_srbcmd.

Btw, these "ZERO_SIZE_PTR dereference" issues aren't about ZERO_SIZE_PTR, they are about overrunning the allocations. The ZERO_SIZE_PTR poi

Re: [patch] [SCSI] aacraid: prevent ZERO_SIZE_PTR dereference

2013-10-29 Thread James Bottomley
On Tue, 2013-10-29 at 22:10 +0300, Dan Carpenter wrote:
> If "fibsize" is zero then it leads to a ZERO_SIZE_PTR dereference when
> we dereference user_srbcmd.
>
> Due to a missing capable() check in the compat ioctls then this error
> can be triggered without CAP_SYS_RAWIO. I have fixed that in a