netdev

Re: some bluetooth fixes

To: Andi Kleen <ak@xxxxxxx>
Subject: Re: some bluetooth fixes
From: Marcel Holtmann <marcel@xxxxxxxxxxxx>
Date: Wed, 11 Feb 2004 21:47:01 +0100
Cc: BlueZ Mailing List <bluez-devel@xxxxxxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, viro@xxxxxxxxxxxxxxxxxx
In-reply-to: <20040215002513.7c6fc532.ak@xxxxxxx>
References: <20040206050042.20a2b3b0.ak@xxxxxxx> <1076079512.2806.40.camel@pegasus> <20040207032428.56ffbebc.ak@xxxxxxx> <1076152411.14418.73.camel@pegasus> <20040207125723.391a1fcd.ak@xxxxxxx> <1076173068.2670.4.camel@pegasus> <20040207172436.GB449@xxxxxxxxxxxxx> <1076525743.2792.1.camel@pegasus> <20040215002513.7c6fc532.ak@xxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
Hi Andi,

> +     if (req.conn_num * sizeof(*ci) > PAGE_SIZE * 2)
> +             return -EINVAL;
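
Review bot: in the `if` condition, `req.conn_num * sizeof(*ci)` is multiplied before it is compared, so a `conn_num` large enough to wrap the product in its arithmetic type passes the `PAGE_SIZE * 2` limit; bound the count instead, as in `req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci)`. The cap also scales with `PAGE_SIZE`, so the largest accepted `conn_num` differs between architectures; a named constant for the maximum count, with a comment on why it was chosen, would make the limit explicit.
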
> 
> This can still overflow. It should be 
> 
>       if (req.conn_num > (PAGE_SIZE * 2)/sizeof(*ci))
>               return -EINVAL;

thanks for reviewing the patch again. The fixed version is only attached
for control. It goes out to Dave in the next minutes.

Regards

Marcel

Attachment: patch
Description: Text document
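
The wrap discussed in this message, as an added example that is not part of the original thread or of the BlueZ patch: the multiply-then-compare check next to the divide-then-compare check, run on the same counts. It assumes 32-bit arithmetic, a 4096-byte page and a 16-byte entry; `DEMO_PAGE_SIZE`, `DEMO_ENTRY_SIZE`, `check_mul`, `check_div` and `array_bytes` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_PAGE_SIZE  4096u   /* assumed page size */
#define DEMO_ENTRY_SIZE 16u     /* assumed stand-in for sizeof(*ci) */

/* Multiply first, compare second: the product is reduced mod 2^32
 * before the comparison ever sees it. */
static int check_mul(uint32_t conn_num)
{
    uint32_t bytes = conn_num * DEMO_ENTRY_SIZE;
    if (bytes > DEMO_PAGE_SIZE * 2)
        return -EINVAL;
    return 0;
}

/* Divide the limit instead: nothing on either side can wrap. */
static int check_div(uint32_t conn_num)
{
    if (conn_num > (DEMO_PAGE_SIZE * 2) / DEMO_ENTRY_SIZE)
        return -EINVAL;
    return 0;
}

/* General form: validate the count, then compute the byte length.
 * After the check, count * elem <= limit, so the product is exact. */
static int array_bytes(uint32_t count, uint32_t elem, uint32_t limit,
                       uint32_t *out)
{
    if (elem == 0 || count > limit / elem)
        return -EINVAL;
    *out = count * elem;
    return 0;
}

int main(void)
{
    /* Constructed sample counts: at the limit, one past it, and two
     * values whose byte size wraps to 0 and to 16. */
    const uint32_t samples[] = { 512u, 513u, 0x10000000u, 0x10000001u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("conn_num=%#x  multiply-check=%d  divide-check=%d\n",
               (unsigned)samples[i], check_mul(samples[i]),
               check_div(samples[i]));
    return 0;
}
```

A count that only the multiply check accepts would leave any later allocation or copy sized from the wrapped byte length out of step with the count the caller supplied.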
