Feature #2771
Updated by Vadim Mutilin over 9 years ago
Somebody can pass negative values as a number of bytes to be copied from user. But copy_from_user() (and some similar functions) expects unsigned long int value, so negative values will lead to integer underflow. This issue belongs to _specific:check_params_, but also can be treated as _generic:int_overflow_. Commit 064368f of linux-stable represents the issue. Model 111_2a will take care on it.
And in additional 111_2a check if number of bytes is less than buffer's size.
*Links*
Sample bugfixes "42f9f8d":https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=42f9f8d, "5c9843a":https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=5c9843a, "064368f":https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=064368f, "5934df9":https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=5934df9