Alan Cox ad9798967d 6pack: fix buffer length mishandling ... Dmitry Vyukov wrote: > different runs). Looking at code, the following looks suspicious -- we > limit copy by 512 bytes, but use the original count which can be > larger than 512: > > static void sixpack_receive_buf(struct tty_struct *tty, > const unsigned char *cp, char *fp, int count) > { > unsigned char buf[512]; > .... > memcpy(buf, cp, count < sizeof(buf) ? count : sizeof(buf)); > .... > sixpack_decode(sp, buf, count1); With the sane tty locking we now have I believe the following is safe as we consume the bytes and move them into the decoded buffer before returning. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2016-09-20 22:51:30 -04:00
..
6pack.c	6pack: fix buffer length mishandling	2016-09-20 22:51:30 -04:00
baycom_epp.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	2016-05-17 16:26:30 -07:00
baycom_par.c	hamradio: baycom: fix old-style declaration	2016-06-16 22:06:30 -07:00
baycom_ser_fdx.c	net: hamradio: baycom_ser_fdx: Replace timeval with timespec64	2016-02-11 09:54:54 -05:00
baycom_ser_hdx.c	hamradio: baycom: remove deprecated IRQF_DISABLED	2013-09-30 15:08:13 -04:00
bpqether.c	hamradio: use IS_ENABLED() instead of checking for built-in or module	2016-09-12 20:27:59 -07:00
dmascc.c	dmascc: Return correct error codes	2016-02-16 15:32:34 -05:00
hdlcdrv.c	drivers: net: use NETDEV_TX_OK instead of NETDEV_TX_LOCKED	2016-04-26 15:53:05 -04:00
Kconfig	tty: Added a CONFIG_TTY option to allow removal of TTY	2013-01-18 16:15:27 -08:00
Makefile	Fix common misspellings	2011-03-31 11:26:23 -03:00
mkiss.c	treewide: replace dev->trans_start update with helper	2016-05-04 14:16:49 -04:00
scc.c	treewide: replace dev->trans_start update with helper	2016-05-04 14:16:49 -04:00
yam.c	treewide: replace dev->trans_start update with helper	2016-05-04 14:16:49 -04:00
z8530.h