leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ab5222ed16
linux/drivers/media/dvb-core
History
Colin Ian King a24e6348e5 media: dvb_ca_en50221: sanity check slot number from userspace 
Currently a user can pass in an unsanitized slot number which
will lead to and out of range index into ca->slot_info. Fix this
by checking that the slot number is no more than the allowed
maximum number of slots. Seems that this bug has been in the driver
forever.

Detected by CoverityScan, CID#139381 ("Untrusted pointer read")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Jasmin Jessich <jasmin@anw.at>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
2017-12-14 09:51:17 -05:00
..
demux.h media: dvb-core/demux.h: fix kernel-doc warning 2017-07-21 08:01:08 -04:00
dmxdev.c media: dvb-core: Convert timers to use timer_setup() 2017-10-31 06:40:30 -04:00
dmxdev.h media: dmxdev.h: add kernel-doc markups for data types and functions 2017-10-11 13:21:22 -04:00
dvb_ca_en50221.c media: dvb_ca_en50221: sanity check slot number from userspace 2017-12-14 09:51:17 -05:00
dvb_ca_en50221.h media: dvb_ca_en50221.h: fix checkpatch strict warnings 2017-07-20 15:47:07 -04:00
dvb_demux.c media: dvb_demux.h: document structs defined on it 2017-10-11 13:18:33 -04:00
dvb_demux.h media: dvb: do some coding style cleanup 2017-10-11 13:51:41 -04:00
dvb_frontend.c media: dvb_frontend: Add commands implementation for compat ioct 2017-12-13 08:58:18 -05:00
dvb_frontend.h media: dvb_frontend.h: improve kernel-doc markups 2017-10-11 13:01:35 -04:00
dvb_math.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
dvb_math.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
dvb_net.c media: dvb_net: stop abusing /** for comments 2017-11-27 10:35:34 -05:00
dvb_net.h media: dvb-net.rst: document DVB network kAPI interface 2017-10-11 13:22:09 -04:00
dvb_ringbuffer.c locking/atomics, media/dvb_ringbuffer: Convert ACCESS_ONCE() to READ_ONCE()/WRITE_ONCE() 2017-10-25 11:00:58 +02:00
dvb_ringbuffer.h scripts/spelling.txt: add "an user" pattern and fix typo instances 2017-02-27 18:43:46 -08:00
dvb-usb-ids.h media: dvbsky: MyGica T230C support 2017-12-14 06:35:18 -05:00
dvbdev.c Simplify major/minor non-dynamic logic 2017-10-11 15:32:11 -04:00
dvbdev.h media: dvbdev: fully document its functions 2017-10-11 13:01:13 -04:00
Kconfig [media] Raise adapter number limit 2016-11-23 13:28:43 -02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00