Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-09-24 08:53:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
510cccb5b0
linux/drivers/tty
History
Dmitry Torokhov 510cccb5b0 tty/vt/keyboard: fix OOB access in do_compute_shiftstate() 
The size of individual keymap in drivers/tty/vt/keyboard.c is NR_KEYS,
which is currently 256, whereas number of keys/buttons in input device (and
therefor in key_down) is much larger - KEY_CNT - 768, and that can cause
out-of-bound access when we do

	sym = U(key_maps[0][k]);

with large 'k'.

To fix it we should not attempt iterating beyond smaller of NR_KEYS and
KEY_CNT.

Also while at it let's switch to for_each_set_bit() instead of open-coding
it.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2016-07-20 17:50:23 -07:00
..
hvc xen: features and fixes for 4.6-rc0 2016-03-22 12:55:17 -07:00
ipwireless
serial Revert "serial: 8250: Add hardware dependency to RT288X option" 2016-04-19 15:17:37 +09:00
vt tty/vt/keyboard: fix OOB access in do_compute_shiftstate() 2016-07-20 17:50:23 -07:00
amiserial.c tty: Use termios c_*flag macros 2016-01-28 14:13:44 -08:00
bfin_jtag_comm.c
cyclades.c tty: Use termios c_*flag macros 2016-01-28 14:13:44 -08:00
ehv_bytechan.c drivers/tty: make ehv_bytechan.c explicitly non-modular 2016-02-06 23:26:43 -08:00
goldfish.c tty: goldfish: support platform_device with id -1 2016-03-07 16:11:14 -08:00
isicom.c tty: Use termios c_*flag macros 2016-01-28 14:13:44 -08:00
Kconfig tty: cyclades: cyz_interrupt is only used for PCI 2016-02-06 23:41:17 -08:00
Makefile
metag_da.c
mips_ejtag_fdc.c ttyFDC: Fix build problems due to use of module_{init,exit} 2015-10-17 21:29:21 -07:00
moxa.c tty: Remove unused SERIAL_DO_RESTART define 2015-12-13 19:59:48 -08:00
moxa.h
mxser.c tty: constify tty_port_operations structs 2016-02-06 23:31:08 -08:00
mxser.h
n_gsm.c tty: Use termios c_*flag macros 2016-01-28 14:13:44 -08:00
n_hdlc.c TTY: n_hdlc, fix lockdep false positive 2016-02-06 23:27:46 -08:00
n_r3964.c
n_tracerouter.c
n_tracesink.c
n_tracesink.h
n_tty.c n_tty: Ignore all read data when closing 2016-01-28 14:13:44 -08:00
nozomi.c tty: nozomi: avoid a harmless gcc warning 2016-02-06 23:41:17 -08:00
pty.c devpts: more pty driver interface cleanups 2016-04-26 15:47:32 -07:00
rocket_int.h tty: rocket: Remove private close_wait 2016-01-28 14:13:44 -08:00
rocket.c tty: Remove ASYNC_CLOSING 2016-01-28 14:19:12 -08:00
rocket.h
synclink_gt.c tty: Use termios c_*flag macros 2016-01-28 14:13:44 -08:00
synclink.c tty: Use termios c_*flag macros 2016-01-28 14:13:44 -08:00
synclinkmp.c tty: synclinkmp: do not ignore errors in probe() 2016-02-06 23:27:46 -08:00
sysrq.c sysrq: Fix warning in sysrq generated crash. 2015-12-29 16:29:18 -08:00
tty_audit.c tty: audit: remove unused variable 2016-03-07 16:11:14 -08:00
tty_buffer.c tty: Unify receive_buf() code paths 2016-01-28 14:13:44 -08:00
tty_io.c devpts: more pty driver interface cleanups 2016-04-26 15:47:32 -07:00
tty_ioctl.c tty: Use termios c_*flag macros 2016-01-28 14:13:44 -08:00
tty_ldisc.c tty: Eliminate global symbol tty_ldisc_N_TTY 2016-01-27 15:13:28 -08:00
tty_ldsem.c tty: Deinline __ldsem_down_write_nested, save 128 bytes 2015-12-13 19:59:48 -08:00
tty_mutex.c Merge 4.5-rc4 into tty-next 2016-02-14 14:36:04 -08:00
tty_port.c tty: Remove ASYNC_CLOSING 2016-01-28 14:19:12 -08:00