The patch titled
     evdev: fix overflow in compat_ioctl
has been added to the -mm tree.  Its filename is
     evdev-fix-overflow-in-compat_ioctl.patch

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: evdev: fix overflow in compat_ioctl
From: Kenichi Nagai <[EMAIL PROTECTED]>

When exporting input device bitmaps via compat_ioctl on BIG_ENDIAN
platforms evdev calculates data size incorrectly.  This causes buffer
overflow if user specifies buffer smaller than maxlen.

Signed-off-by: Kenichi Nagai <[EMAIL PROTECTED]>
Signed-off-by: Dmitry Torokhov <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
---

 drivers/input/evdev.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -puN drivers/input/evdev.c~evdev-fix-overflow-in-compat_ioctl 
drivers/input/evdev.c
--- a/drivers/input/evdev.c~evdev-fix-overflow-in-compat_ioctl
+++ a/drivers/input/evdev.c
@@ -336,7 +336,7 @@ static int bits_to_user(unsigned long *b
 
        if (compat) {
                len = NBITS_COMPAT(maxbit) * sizeof(compat_long_t);
-               if (len < maxlen)
+               if (len > maxlen)
                        len = maxlen;
 
                for (i = 0; i < len / sizeof(compat_long_t); i++)
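Review bot: the open-coded clamp in the compat branch (`if (len > maxlen)` / `len = maxlen;`) is the construct whose comparison was inverted, so consider writing it as a single min()-style assignment (min_t if the types of len and maxlen differ, which is not visible here) so that the direction cannot be flipped again. The loop that follows runs `len / sizeof(compat_long_t)` times, so once len is clamped to a maxlen that is not a multiple of sizeof(compat_long_t) the trailing bytes are not copied. That is safe, but whatever length the function reports back to the caller should match the number of bytes actually written. The changelog ties the bug to BIG_ENDIAN while the visible guard is only `if (compat)`; the branches outside this hunk should be checked for the same comparison, and a short comment stating that len must never exceed the user-supplied maxlen would document the invariant.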
_

Patches currently in -mm which might be from [EMAIL PROTECTED] are

evdev-fix-overflow-in-compat_ioctl.patch
