]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 458d20c) | patch
cdrom: information leak in cdrom_ioctl_media_changed()
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 18 Apr 2018 09:51:31 +0000 (12:51 +0300)
committerSasha Levin <alexander.levin@microsoft.com>
Wed, 23 May 2018 01:36:37 +0000 (21:36 -0400)
commit888f807c68bc7a4d96429d28a12cba9a045e3c79
tree494a300084a7e3514aefc41a57366c0217896e3etree | snapshot
parent458d20cc2bb3a2ac01123064cb1397013989b1c7commit | diff
cdrom: information leak in cdrom_ioctl_media_changed()

[ Upstream commit 9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 ]

This cast is wrong.  "cdi->capacity" is an int and "arg" is an unsigned
long.  The way the check is written now, if one of the high 32 bits is
set then we could read outside the info->slots[] array.

This bug is pretty old and it predates git.

Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
drivers/cdrom/cdrom.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git