3.10-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 18 Nov 2014 20:27:24 +0000 (12:27 -0800)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 18 Nov 2014 20:27:24 +0000 (12:27 -0800)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 18 Nov 2014 20:27:24 +0000 (12:27 -0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 18 Nov 2014 20:27:24 +0000 (12:27 -0800)
diff --git a/queue-3.10/media-ttusb-dec-buffer-overflow-in-ioctl.patch b/queue-3.10/media-ttusb-dec-buffer-overflow-in-ioctl.patch

new file mode 100644 (file)

index 0000000..b8586c3
--- /dev/null
+++ b/queue-3.10/media-ttusb-dec-buffer-overflow-in-ioctl.patch
@@ -0,0 +1,31 @@
+From f2e323ec96077642d397bb1c355def536d489d16 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 5 Sep 2014 09:09:28 -0300
+Subject: media: ttusb-dec: buffer overflow in ioctl
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit f2e323ec96077642d397bb1c355def536d489d16 upstream.
+
+We need to add a limit check here so we don't overflow the buffer.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/usb/ttusb-dec/ttusbdecfe.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/media/usb/ttusb-dec/ttusbdecfe.c
++++ b/drivers/media/usb/ttusb-dec/ttusbdecfe.c
+@@ -156,6 +156,9 @@ static int ttusbdecfe_dvbs_diseqc_send_m
+                  0x00, 0x00, 0x00, 0x00,
+                  0x00, 0x00 };
+ 
++      if (cmd->msg_len > sizeof(b) - 4)
++              return -EINVAL;
++
+       memcpy(&b[4], cmd->msg, cmd->msg_len);
+ 
+       state->config->send_command(fe, 0x72,
diff --git a/queue-3.10/series b/queue-3.10/series

index 741834fe71f1483994d3a8b8432bfce91a8d5159..18246c3746737f1f66ba4b48caf4c8b62a0aa861 100644 (file)
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -36,3 +36,4 @@ nfsv4-ensure-that-we-remove-nfsv4.0-delegations-when-state-has-expired.patch
  nfs-don-t-try-to-reclaim-delegation-open-state-if-recovery-failed.patch
  nfs-fix-use-of-uninitialized-variable-in-nfs_getattr.patch
  nfsv4-fix-races-between-nfs_remove_bad_delegation-and-delegation-return.patch
+media-ttusb-dec-buffer-overflow-in-ioctl.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 18 Nov 2014 20:27:24 +0000 (12:27 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 18 Nov 2014 20:27:24 +0000 (12:27 -0800)
queue-3.10/media-ttusb-dec-buffer-overflow-in-ioctl.patch	[new file with mode: 0644]	patch \| blob
queue-3.10/series		patch \| blob \| blame \| history