Revision eabc77935d8d2a761c88b9cbb6313bd54b6ddbb3 authored by Roland Dreier on 18 November 2005, 22:18:26 UTC, committed by Roland Dreier on 18 November 2005, 22:18:26 UTC
Make sure that userspace passes in enough data when sending a MAD. We always copy at least sizeof (struct ib_user_mad) + IB_MGMT_RMPP_HDR bytes from userspace, so anything less is definitely invalid. Also, if the length is less than this limit, it's possible for the second copy_from_user() to get a negative length and trigger a BUG(). Signed-off-by: Roland Dreier <rolandd@cisco.com>
1 parent 48fd0d1
| File | Mode | Size |
|---|---|---|
| keys | ||
| selinux | ||
| Kconfig | -rw-r--r-- | 2.8 KB |
| Makefile | -rw-r--r-- | 599 bytes |
| capability.c | -rw-r--r-- | 2.8 KB |
| commoncap.c | -rw-r--r-- | 9.4 KB |
| dummy.c | -rw-r--r-- | 22.1 KB |
| inode.c | -rw-r--r-- | 9.2 KB |
| root_plug.c | -rw-r--r-- | 3.9 KB |
| seclvl.c | -rw-r--r-- | 17.3 KB |
| security.c | -rw-r--r-- | 6.0 KB |
Computing file changes ...
