Input: evdev - fix overflow in compat_ioctl
When exporting input device bitmaps via compat_ioctl on BIG_ENDIAN platforms evdev calculates data size incorrectly. This causes buffer overflow if user specifies buffer smaller than maxlen. Signed-off-by: Kenichi Nagai <kenichi3.nagai@toshiba.co.jp> Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Родитель
435b71be20
Коммит
bf61f8d357
|
@ -336,7 +336,7 @@ static int bits_to_user(unsigned long *bits, unsigned int maxbit,
|
||||||
|
|
||||||
if (compat) {
|
if (compat) {
|
||||||
len = NBITS_COMPAT(maxbit) * sizeof(compat_long_t);
|
len = NBITS_COMPAT(maxbit) * sizeof(compat_long_t);
|
||||||
if (len < maxlen)
|
if (len > maxlen)
|
||||||
len = maxlen;
|
len = maxlen;
|
||||||
|
|
||||||
for (i = 0; i < len / sizeof(compat_long_t); i++)
|
for (i = 0; i < len / sizeof(compat_long_t); i++)
|
||||||
|
|
Загрузка…
Ссылка в новой задаче