Revision eabc77935d8d2a761c88b9cbb6313bd54b6ddbb3 authored by Roland Dreier on 18 November 2005, 22:18:26 UTC, committed by Roland Dreier on 18 November 2005, 22:18:26 UTC
Make sure that userspace passes in enough data when sending a MAD. We always copy at least sizeof (struct ib_user_mad) + IB_MGMT_RMPP_HDR bytes from userspace, so anything less is definitely invalid. Also, if the length is less than this limit, it's possible for the second copy_from_user() to get a negative length and trigger a BUG(). Signed-off-by: Roland Dreier <rolandd@cisco.com>
1 parent 48fd0d1
File | Mode | Size |
---|---|---|
keys | ||
selinux | ||
Kconfig | -rw-r--r-- | 2.8 KB |
Makefile | -rw-r--r-- | 599 bytes |
capability.c | -rw-r--r-- | 2.8 KB |
commoncap.c | -rw-r--r-- | 9.4 KB |
dummy.c | -rw-r--r-- | 22.1 KB |
inode.c | -rw-r--r-- | 9.2 KB |
root_plug.c | -rw-r--r-- | 3.9 KB |
seclvl.c | -rw-r--r-- | 17.3 KB |
security.c | -rw-r--r-- | 6.0 KB |
Computing file changes ...