commit 786dc1d3d7333f269e17d742886eac2188a2d9cc
Author: Philippe Retornaz <[EMAIL PROTECTED]>
Date:   Thu Jun 1 20:48:46 2006 -0700

    [PATCH] usb: drivers/usb/core/devio.c dereferences a userspace pointer
    
    See http://bugzilla.kernel.org/show_bug.cgi?id=6617.
    
    This function dereferences a __user pointer.
    
    Signed-off-by: Philippe Retornaz <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>

is crap.  Alleged dereference is taking a pointer to struct and
giving a pointer to the first element in array field of that
struct (actually, a pointer immediately past that struct into
variable-sized array sitting right after the header).

New code takes pointer to _stack_ - right after on-stack copy of
header.  Then it casts that pointer to .... __user * and passes it
to function that will do copy_from_user().

IOW, it never had been tested - the thing would *always* fail.
Incidentally, bugzilla entry mentioned in the commit message
is in CLOSED/REJECTED/INVALID state since June 2, with 

   ------- Additional Comment #3 From Greg Kroah-Hartman 2006-06-02 15:32 -------
Yeah, I agree, this isn't a bug, and the patch from Andrew doesn't really make
much sense as it's just the same thing.

closing it.  So what the hell is it doing in the tree, merged on June 20?


BTW, I seriously suggest adding -Wcast-to-as to CHECKFLAGS - it would catch
the bogus casts of that kind...
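
Added example, not part of the original message or the kernel source: a userspace C model of the two pointer computations discussed above, showing that the old form only does address arithmetic while the new form hands a stack address to the copy routine. `struct req`, `user_mem` and the `model_*` functions are hypothetical stand-ins; the real `copy_from_user()` checks the actual user address range, not a buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request: fixed header followed by a variable-sized array. */
struct req { int count; int items[]; };

/* Model: only this buffer counts as "user" memory. */
static int user_mem[64];

static int model_access_ok(const void *p, size_t n)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)user_mem;
    return n <= sizeof(user_mem) && a >= lo && a - lo <= sizeof(user_mem) - n;
}

/* Model of copy_from_user(): returns the number of bytes NOT copied. */
static size_t model_copy_from_user(void *dst, const void *src, size_t n)
{
    if (!model_access_ok(src, n))
        return n;
    memcpy(dst, src, n);
    return 0;
}

/* Pre-patch shape: address arithmetic on the user pointer, no load through it. */
static size_t read_items_old(const struct req *ureq, int *out, size_t n)
{
    const int *uitems = ureq->items; /* ureq + offsetof(struct req, items) */
    return model_copy_from_user(out, uitems, n * sizeof(int));
}

/* Post-patch shape: pointer just past the on-stack header copy, used as a user pointer. */
static size_t read_items_new(const struct req *ureq, int *out, size_t n)
{
    struct req hdr;
    if (model_copy_from_user(&hdr, ureq, sizeof(hdr)))
        return n * sizeof(int);
    const int *bogus = (const int *)(&hdr + 1); /* stack address, not user memory */
    return model_copy_from_user(out, bogus, n * sizeof(int));
}

int main(void)
{
    int out[3] = {0};
    user_mem[0] = 3; user_mem[1] = 7; user_mem[2] = 8; user_mem[3] = 9; /* constructed */
    const struct req *u = (const struct req *)user_mem;
    return !(read_items_old(u, out, 3) == 0 && read_items_new(u, out, 3) == 3 * sizeof(int));
}
```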

_______________________________________________
linux-usb-devel@lists.sourceforge.net