From: Manu Abraham <[email protected]>
- Fixes a possible buffer overflow due to reading more than 8 bytes into an 8 byte long array
Thanks to Perceval Anichini <[email protected]> for pointing out the bug.
Signed-off-by: Manu Abraham <[email protected]>
Signed-off-by: Michael Krufky <[email protected]>
drivers/media/dvb/bt8xx/dst_ca.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- linux-2.6.14-git3.orig/drivers/media/dvb/bt8xx/dst_ca.c
+++ linux-2.6.14-git3/drivers/media/dvb/bt8xx/dst_ca.c
@@ -196,7 +196,7 @@
int i;
static u8 slot_command[8] = {0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff};
- u8 *slot_info = state->rxbuffer;
+ u8 *slot_info = state->messages;
put_checksum(&slot_command[0], 7);
if ((dst_put_ci(state, slot_command, sizeof (slot_command), slot_info, GET_REPLY)) < 0) {
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]