microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/drivers/s390/char
История
Martin Schwidefsky 532c34b5fb s390/sclp_ctl: fix potential information leak with /dev/sclp 
The sclp_ctl_ioctl_sccb function uses two copy_from_user calls to
retrieve the sclp request from user space. The first copy_from_user
fetches the length of the request which is stored in the first two
bytes of the request. The second copy_from_user gets the complete
sclp request, but this copies the length field a second time.
A malicious user may have changed the length in the meantime.

Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
 		2016-04-27 09:33:39 +02:00
..
Kconfig s390/sclp: add open for business support 2015-11-27 09:24:18 +01:00
Makefile s390/sclp_cpi: remove sclp_cpi module in favor of sysfs interface 2015-11-27 09:24:16 +01:00
con3215.c tty: Remove ASYNC_CLOSING 2016-01-28 14:19:12 -08:00
con3270.c s390/con3270: testing return kzalloc retval 2015-12-30 10:34:33 +01:00
ctrlchar.c s390/ctrlchar: improve handling of magic sysrequests 2015-08-26 17:20:44 +02:00
ctrlchar.h s390/ctrlchar: improve handling of magic sysrequests 2015-08-26 17:20:44 +02:00
defkeymap.c
defkeymap.map
diag_ftp.c s390/diag: add a statistic for diagnose calls 2015-10-14 14:32:06 +02:00
diag_ftp.h
fs3270.c
hmcdrv_cache.c
hmcdrv_cache.h
hmcdrv_dev.c
hmcdrv_dev.h
hmcdrv_ftp.c s390/hmcdrv: constify hmcdrv_ftp_ops structs 2015-12-30 10:34:25 +01:00
hmcdrv_ftp.h
hmcdrv_mod.c
keyboard.c s390/keyboard: avoid off-by-one when using strnlen_user() 2015-06-15 10:51:12 +02:00
keyboard.h
monreader.c s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
monwriter.c
raw3270.c
raw3270.h
sclp.c s390/sclp: fix possible control register corruption 2016-01-11 13:03:00 +01:00
sclp.h s390/sclp: move sclp_facilities into "struct sclp" 2015-05-13 09:58:18 +02:00
sclp_async.c
sclp_cmd.c s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
sclp_con.c
sclp_config.c s390/sclp: add open for business support 2015-11-27 09:24:18 +01:00
sclp_cpi_sys.c s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
sclp_cpi_sys.h
sclp_ctl.c s390/sclp_ctl: fix potential information leak with /dev/sclp 2016-04-27 09:33:39 +02:00
sclp_diag.h
sclp_early.c KVM: s390: consider system MHA for guest storage 2015-12-15 17:08:22 +01:00
sclp_ftp.c
sclp_ftp.h
sclp_ocf.c
sclp_quiesce.c
sclp_rw.c s390/sclp: avoid merged message output 2015-10-14 14:32:10 +02:00
sclp_rw.h s390/sclp: avoid merged message output 2015-10-14 14:32:10 +02:00
sclp_sdias.c s390/sclp: pass timeout as HZ independent value 2015-06-15 10:50:57 +02:00
sclp_sdias.h
sclp_tty.c s390/sclp: avoid merged message output 2015-10-14 14:32:10 +02:00
sclp_tty.h
sclp_vt220.c s390/sclp_vt220: support magic sysrequests 2015-08-26 17:20:45 +02:00
tape.h
tape_34xx.c
tape_3590.c
tape_3590.h
tape_char.c
tape_class.c
tape_class.h
tape_core.c s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
tape_proc.c
tape_std.c
tape_std.h
tty3270.c s390/3270: redraw screen on unsolicited device end 2015-08-26 17:19:49 +02:00
tty3270.h
vmcp.c convert a bunch of open-coded instances of memdup_user_nul() 2016-01-04 10:26:58 -05:00
vmcp.h
vmlogrdr.c s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
vmur.c new helpers: no_seek_end_llseek{,_size}() 2015-12-23 10:41:31 -05:00
vmur.h
zcore.c new helpers: no_seek_end_llseek{,_size}() 2015-12-23 10:41:31 -05:00