by Martin Gallig » Fri, 25 May 2001 04:00:07
Initially, I'd like to requests PNP Id's from everything on the USB bus.
-Marty
1. fix a bug in ioctl(CDROMREADAUDIO) in cdrom.c in 2.2.18
Using ioctl(CDROMREADAUDIO) with nframes argument being larger than 8 and
not divisible by 8 causes kernel to read and return more audio data than
was requested. This is bad since it clobbers up processes memory
(I noticed this when my patched cdparanoia segfaulted).
This _might_ also have a security impact, since it could be used to
overwrite memory which the user should not have write access with
cdrom audio data. (_might_ since I do not know the exact semantics of
__copy_to_user() and I am too lazy to check them out. The attacker needs
access to cdrom device with audio cdrom in drive, preferably with a
custom made audio cd).
I have not checked if the same bug is also present in 2.4 kernels.
If you have any comments, please Cc: them to me, since I am not present in
the list.
Here is a trivial patch against drivers/cdrom/cdrom.c of kernel 2.2.18:
--- cdrom.c.orig Wed Mar 14 13:15:13 2001
ra.buf += (CD_FRAMESIZE_RAW * frames);
ra.nframes -= frames;
lba += frames;
+ if (frames>ra.nframes) frames=ra.nframes;
}
kfree(cgc.buffer);
return ret;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
2. Khelpcenter doesn't show search?
3. USB sound with kernels 2.2.18 / 2.2.19
4. NEWBIE QUESTION: Kernel building
5. USB Mouse Problem in 2.4 Kernels - 2.2.18 Works Fine
7. USB printer with kernel 2.2.18...
8. Occasionally evil: 2.2.1 + aic7880 + 2 x ahc2940?
9. USB CD-R suggestions for use with kernel 2.2.18
10. USB connect of Visor with 2.2.18pre17
11. more info on using MOL with kernel 2.2.18 usb devices
12. how to make my imac USB keyboard work with 2.2.18 kernel?
13. LinuxPPC 2.2.18 w/ USB - How do I get my mouse to work?