提交 5c15c0b4 编写于 作者: M Manu Abraham 提交者: Linus Torvalds

[PATCH] dvb: dst: Fix possible buffer overflow

Fixes a possible buffer overflow due to reading more than 8 bytes into an 8
byte long array

Thanks to Perceval Anichini <perceval.anichini@streamvision.fr> for pointing
out the bug.
Signed-off-by: NManu Abraham <manu@linuxtv.org>
Signed-off-by: NMichael Krufky <mkrufky@linuxtv.org>
Cc: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
上级 4fbbc7ee
......@@ -196,7 +196,7 @@ static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s
int i;
static u8 slot_command[8] = {0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff};
u8 *slot_info = state->rxbuffer;
u8 *slot_info = state->messages;
put_checksum(&slot_command[0], 7);
if ((dst_put_ci(state, slot_command, sizeof (slot_command), slot_info, GET_REPLY)) < 0) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册