projects / deliverable / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)
[deliverable/linux.git] / drivers / char / pcmcia / cm4040_cs.c
diff --git a/drivers/char/pcmcia/cm4040_cs.c b/drivers/char/pcmcia/cm4040_cs.c
index 0e82968c2f38ee74c30e6c0a779f365d2c5f5a52..f2e4ec4fd407968b7322dac8664b5fdcb6fff9e0 100644 (file)
--- a/drivers/char/pcmcia/cm4040_cs.c
+++ b/drivers/char/pcmcia/cm4040_cs.c
@@ -273,6 +273,7 @@ static ssize_t cm4040_read(struct file *filp, char __user *buf,
        DEBUGP(6, dev, "BytesToRead=%lu\n", bytes_to_read);
 
        min_bytes_to_read = min(count, bytes_to_read + 5);
+       min_bytes_to_read = min_t(size_t, min_bytes_to_read, READ_WRITE_BUFFER_SIZE);
 
        DEBUGP(6, dev, "Min=%lu\n", min_bytes_to_read);
 
@@ -340,7 +341,7 @@ static ssize_t cm4040_write(struct file *filp, const char __user *buf,
                return 0;
        }
 
-       if (count < 5) {
+       if ((count < 5) || (count > READ_WRITE_BUFFER_SIZE)) {
                DEBUGP(2, dev, "<- cm4040_write buffersize=%Zd < 5\n", count);
                return -EIO;
        }
Linux kernel - Deliverables
This page took 0.027526 seconds and 5 git commands to generate.