linux/drivers/staging/vt6655
Xi Wang 2a58b19fd9 staging: vt6655: integer overflows in private_ioctl()
There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem.  The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-30 19:29:40 +09:00
80211hdr.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
80211mgr.c Staging: vt6655: replace TRUE with in kernel true 2010-08-02 18:17:12 -07:00
80211mgr.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
aes_ccmp.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
aes_ccmp.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
baseband.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
baseband.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
bssdb.c staging: Remove unnecessary semicolons when if (foo) {...}; 2011-04-25 16:58:34 -07:00
bssdb.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
card.c Fix common misspellings 2011-03-31 11:26:23 -03:00
card.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
channel.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
channel.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
country.h Staging: vt6655: move channel mapping code from card.c to channel.c 2010-06-22 15:39:58 -07:00
datarate.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
datarate.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
desc.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
device_cfg.h Staging: vt6655: replace FALSE with in kernel false 2010-08-02 18:17:38 -07:00
device_main.c staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
device.h staging: vt6655: Fix warnings if CONFIG_PM is not defined 2011-05-06 09:27:34 -07:00
dpc.c staging: vt6655: simplify MAC printing by using %pM 2011-08-23 14:36:17 -07:00
dpc.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
hostap.c staging: vt6655: Remove NULL check before kfree 2011-03-14 11:57:37 -07:00
hostap.h
IEEE11h.c staging: vt6655: Fixed all the indents and other errors in IEEE11h.c 2011-08-23 13:27:28 -07:00
IEEE11h.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
iocmd.h Staging: vt665x: remove unused DEF definition 2010-09-16 13:02:36 -07:00
ioctl.c staging: vt6655: integer overflows in private_ioctl() 2011-11-30 19:29:40 +09:00
ioctl.h Staging: vt6655: remove DWORD typedef 2010-06-24 14:23:17 -07:00
iowpa.h
iwctl.c staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
iwctl.h staging:vt6656: iwctl.c: Removed unneeded function 2011-11-30 19:25:50 +09:00
Kconfig Staging: vt665?: prevent modules from being built into the kernel. 2011-04-04 21:33:26 -07:00
key.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
key.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
mac.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
mac.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
Makefile Staging: vt6655: Makefile: cleaned up Makefile cflag lines 2010-10-05 11:56:38 -07:00
mib.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
mib.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
michael.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
michael.h Staging: vt6655: remove DWORD typedef 2010-06-24 14:23:17 -07:00
power.c staging: Remove unnecessary semicolons when if (foo) {...}; 2011-04-25 16:58:34 -07:00
power.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
rc4.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
rc4.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
rf.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
rf.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
rxtx.c staging: Remove unnecessary semicolons when if (foo) {...}; 2011-04-25 16:58:34 -07:00
rxtx.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
srom.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
srom.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
tcrc.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
tcrc.h Staging: vt6655: remove DWORD typedef 2010-06-24 14:23:17 -07:00
test
tether.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
tether.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
tkip.c Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
tkip.h Staging: vt6655: remove WORD typedef 2010-06-24 14:23:17 -07:00
tmacro.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
TODO Staging: vt6655: Add TODO entries on x86-64 pointers and .data size 2010-06-25 11:11:22 -07:00
ttype.h Staging: vt6655: remove unused update_BssList definition 2010-09-20 17:01:24 -07:00
upc.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
vntconfiguration.dat
vntwifi.c staging: vt6655: '&pointer[0]' to 'pointer' fix 2010-09-20 16:10:56 -07:00
vntwifi.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wcmd.c staging: Remove unnecessary semicolons when if (foo) {...}; 2011-04-25 16:58:34 -07:00
wcmd.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wctl.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wctl.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wmgr.c staging: vt6655: simplify MAC printing by using %pM 2011-08-23 14:36:17 -07:00
wmgr.h Fix common misspellings 2011-03-31 11:26:23 -03:00
wpa2.c drivers/staging: Remove unnecessary semicolons 2010-11-16 12:06:47 -08:00
wpa2.h Staging: vt6655: remove BYTE typedef 2010-06-24 14:23:18 -07:00
wpa.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wpa.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wpactl.c Staging: vt6655: memory corruption in check in wpa_set_wpadev() 2011-10-19 13:42:48 -07:00
wpactl.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wroute.c Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00
wroute.h Staging: vt6655: replace BOOL with in kernel bool 2010-08-02 18:17:57 -07:00