[PATCH] dvb: dst: Fix possible buffer overflow

Fixes a possible buffer overflow due to reading more than 8 bytes into an 8 byte long array Thanks to Perceval Anichini <perceval.anichini@streamvision.fr> for pointing out the bug. Signed-off-by: N Manu Abraham <manu@linuxtv.org> Signed-off-by: N Michael Krufky <mkrufky@linuxtv.org> Cc: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>

[PATCH] dvb: dst: Fix possible buffer overflow
Fixes a possible buffer overflow due to reading more than 8 bytes into an 8 byte long array Thanks to Perceval Anichini <perceval.anichini@streamvision.fr> for pointing out the bug. Signed-off-by: N Manu Abraham <manu@linuxtv.org> Signed-off-by: N Michael Krufky <mkrufky@linuxtv.org> Cc: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>
5c15c0b4 · Manu Abraham · Linus Torvalds · 4fbbc7ee · 5c15c0b4
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/media/dvb/bt8xx/dst_ca.c drivers/media/dvb/bt8xx/dst_ca.c +1 -1

未找到文件。
--- a/drivers/media/dvb/bt8xx/dst_ca.c
+++ b/drivers/media/dvb/bt8xx/dst_ca.c
@@ -196,7 +196,7 @@ static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s
 	int i;
 	static u8 slot_command[8] = {0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff};

-	u8 *slot_info = state->rxbuffer;
+	u8 *slot_info = state->messages;

 	put_checksum(&slot_command[0], 7);
 	if ((dst_put_ci(state, slot_command, sizeof (slot_command), slot_info, GET_REPLY)) < 0) {