2a2b9ef309
commit 4c41aa24baa4ed338241d05494f2c595c885af8f upstream. If the server is malicious then *bytes_read could be larger than the size of the "target" buffer. It would lead to memory corruption when we do the memcpy(). Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <silvio.cesare@gmail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| dir.c | ||
| file.c | ||
| getopt.c | ||
| getopt.h | ||
| inode.c | ||
| ioctl.c | ||
| Kconfig | ||
| Makefile | ||
| mmap.c | ||
| ncp_fs.h | ||
| ncp_fs_i.h | ||
| ncp_fs_sb.h | ||
| ncplib_kernel.c | ||
| ncplib_kernel.h | ||
| ncpsign_kernel.c | ||
| ncpsign_kernel.h | ||
| sock.c | ||
| symlink.c | ||