]> git.openfabrics.org - ~emulex/infiniband.git/commitdiff
projects / ~emulex / infiniband.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4fbbc7e)
[PATCH] dvb: dst: Fix possible buffer overflow
authorManu Abraham <manu@linuxtv.org>
Wed, 9 Nov 2005 05:35:24 +0000 (21:35 -0800)
committerLinus Torvalds <torvalds@g5.osdl.org>
Wed, 9 Nov 2005 15:56:02 +0000 (07:56 -0800)
Fixes a possible buffer overflow due to reading more than 8 bytes into an 8
byte long array

Thanks to Perceval Anichini <perceval.anichini@streamvision.fr> for pointing
out the bug.

Signed-off-by: Manu Abraham <manu@linuxtv.org>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Cc: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
drivers/media/dvb/bt8xx/dst_ca.c patch | blob | history

diff --git a/drivers/media/dvb/bt8xx/dst_ca.c b/drivers/media/dvb/bt8xx/dst_ca.c
index 16645e06dea22d9e7d5b4e30ed207c0c572198db..38c728945bf1fe16bd6d75e62769f3308ddea21c 100644 (file)
--- a/drivers/media/dvb/bt8xx/dst_ca.c
+++ b/drivers/media/dvb/bt8xx/dst_ca.c
@@ -196,7 +196,7 @@ static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s
        int i;
        static u8 slot_command[8] = {0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff};
 
-       u8 *slot_info = state->rxbuffer;
+       u8 *slot_info = state->messages;
 
        put_checksum(&slot_command[0], 7);
        if ((dst_put_ci(state, slot_command, sizeof (slot_command), slot_info, GET_REPLY)) < 0) {
Emulex OneConnect RDMA Driver