Re: [PATCH] stm class: fix a missing-check bug

On Wed, Oct 3, 2018 at 2:57 AM Alexander Shishkin wrote: > > Wenwen Wang writes: > > > In stm_char_policy_set_ioctl(), the 'size' field of the struct > > 'stp_polic_id' is firstly copied from the user space and then checked, > > because the length of the 'id' field in this struct, which

Re: [PATCH] stm class: fix a missing-check bug

On Wed, Oct 3, 2018 at 2:57 AM Alexander Shishkin wrote: > > Wenwen Wang writes: > > > In stm_char_policy_set_ioctl(), the 'size' field of the struct > > 'stp_polic_id' is firstly copied from the user space and then checked, > > because the length of the 'id' field in this struct, which

Re: [PATCH] stm class: fix a missing-check bug

Wenwen Wang writes: > In stm_char_policy_set_ioctl(), the 'size' field of the struct > 'stp_polic_id' is firstly copied from the user space and then checked, > because the length of the 'id' field in this struct, which represents an > identification string, is not fixed. If the 'size' field

Re: [PATCH] stm class: fix a missing-check bug

Wenwen Wang writes: > In stm_char_policy_set_ioctl(), the 'size' field of the struct > 'stp_polic_id' is firstly copied from the user space and then checked, > because the length of the 'id' field in this struct, which represents an > identification string, is not fixed. If the 'size' field