| Submitter | Herton Ronaldo Krzesinski |
|---|---|
| Date | Feb. 15, 2013, 3:10 a.m. |
| Message ID | <1360897844-15500-1-git-send-email-herton.krzesinski@canonical.com> |
| Download | mbox | patch |
| Permalink | /patch/220596/ |
| State | New |
| Headers | show |
Comments
Patch
diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c index 27e4a3e..f45b5b0 100644 --- a/drivers/isdn/gigaset/capi.c +++ b/drivers/isdn/gigaset/capi.c @@ -248,6 +248,8 @@ static inline void dump_rawmsg(enum debuglevel level, const char *tag, CAPIMSG_APPID(data), CAPIMSG_MSGID(data), l, CAPIMSG_CONTROL(data)); l -= 12; + if (l <= 0) + return; dbgline = kmalloc(3 * l, GFP_ATOMIC); if (!dbgline) return;
This is a note to let you know that I have just added a patch titled isdn/gigaset: fix zero size border case in debug dump to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Herton ------ From c021525d8b2a8f9cf886cd8a706cdf351f5679ed Mon Sep 17 00:00:00 2001 From: Tilman Schmidt <tilman@imap.cc> Date: Mon, 21 Jan 2013 11:57:21 +0000 Subject: [PATCH] isdn/gigaset: fix zero size border case in debug dump commit d721a1752ba544df8d7d36959038b26bc92bdf80 upstream. If subtracting 12 from l leaves zero we'd do a zero size allocation, leading to an oops later when we try to set the NUL terminator. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> --- drivers/isdn/gigaset/capi.c | 2 ++ 1 file changed, 2 insertions(+) -- 1.7.9.5