Commit graph

9 commits

Author SHA1 Message Date
Dan Carpenter
4b030d4288 isdn: fix information leak
The main motivation of this patch changing strcpy() to strlcpy().
We strcpy() to copy a 48 byte buffers into a 49 byte buffers.  So at
best the last byte has leaked information, or maybe there is an
overflow?  Anyway, this patch closes the information leaks by zeroing
the memory and the calls to strlcpy() prevent overflows.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-08-05 13:21:25 -07:00
Julia Lawall
024cb8a67f drivers/isdn: Use memdup_user
Use memdup_user when user data is immediately copied into the
allocated region.

The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression from,to,size,flag;
position p;
identifier l1,l2;
@@

-  to = \(kmalloc@p\|kzalloc@p\)(size,flag);
+  to = memdup_user(from,size);
   if (
-      to==NULL
+      IS_ERR(to)
                 || ...) {
   <+... when != goto l1;
-  -ENOMEM
+  PTR_ERR(to)
   ...+>
   }
-  if (copy_from_user(to, from, size) != 0) {
-    <+... when != goto l2;
-    -EFAULT
-    ...+>
-  }
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-05-31 00:24:15 -07:00
Julia Lawall
093a44e71a drivers/isdn/sc/ioctl.c: add missing kfree
spid has been allocated in this function and so should be freed before
leaving it, as in the other error handling cases.

The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

@r exists@
expression E,E1;
statement S;
position p1,p2,p3;
@@

E =@p1 \(kmalloc\|kcalloc\|kzalloc\)(...)
... when != E = E1
if (E == NULL || ...) S
... when != E = E1
if@p2 (...) {
 ... when != kfree(E)
 }
... when != E = E1
kfree@p3(E);

@forall@
position r.p2;
expression r.E;
int E1 != 0;
@@

* if@p2 (...) {
 ... when != kfree(E)
     when strict
return E1; }

Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-12 18:05:41 -07:00
Adrian Bunk
fc238b3791 [PATCH] drivers/isdn/sc/: proper prototypes
Add proper prototypes in a header file for global code under
drivers/isdn/sc/.

Since the GNU C compiler is now able do tell us that caller and callee
disagreed about the number of arguments of setup_buffers(), this patch
also fixes this bug.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12 09:48:34 -08:00
Jesper Juhl
94a6735cd6 [PATCH] i4l: memory leak fix for sc_ioctl().
Fix leak of `rcvmsg' in sc_ioctl().

There are two returns in the switch in sc_ioctl (the SCIOCSTART case) that
may leak `rcvmsg'.  This patch fixes that by adding a kfree() call at the
beginning of that case.

Bug found by the coverity checker as #1098

Eric Sesterhenn send me a patch to fix the leak(s) by adding 2 kfree()
calls before the returns, I changed that into just a single call at the
beginning.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-23 07:43:04 -07:00
Jesper Juhl
d32af0fe11 [PATCH] ISDN: fix a few memory leaks in sc_ioctl()
Fix a few memory leaks in drivers/isdn/sc/ioctl.c::sc_ioctl()

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Acked-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-31 12:18:56 -08:00
Domen Puncer
abffa7da99 [PATCH] drivers/isdn/sc/ioctl.c: copy_from_user() size fix
A few lines above the patch we have:

	char *srec;
	srec = kmalloc(SCIOC_SRECSIZE, GFP_KERNEL);

sizeof pointer is probably not meant here.

Signed-off-by: Domen Puncer <domen@coderock.org>
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-03 08:32:05 -08:00
Adrian Bunk
e3ca5e762c [PATCH] drivers/isdn/sc/: possible cleanups
This patch contains the following possible cleanips:
- make some needlessly global code static
- remove the compiled but completely unused debug.c
- remove or #if 0 the following unused global functions:
  - command.c: loopback
  - command.c: loadproc
  - init.c: irq_supported
  - packet.c: print_skb
  - shmem.c: memset_shmem
  - timer.c: trace_timer

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-25 16:24:56 -07:00
Linus Torvalds
1da177e4c3 Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!
2005-04-16 15:20:36 -07:00