Dan Carpenter 096cdc6f52 platform/chrome: cros_ec_dev - double fetch bug in ioctl ... We verify "u_cmd.outsize" and "u_cmd.insize" but we need to make sure that those values have not changed between the two copy_from_user() calls. Otherwise it could lead to a buffer overflow. Additionally, cros_ec_cmd_xfer() can set s_cmd->insize to a lower value. We should use the new smaller value so we don't copy too much data to the user. Reported-by: Pengfei Wang <wpengfeinudt@gmail.com> Fixes: a841178445 ('mfd: cros_ec: Use a zero-length array for command data') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Gwendal Grignou <gwendal@chromium.org> Cc: <stable@vger.kernel.org> # v4.2+ Signed-off-by: Olof Johansson <olof@lixom.net>		2016-07-05 14:01:52 -07:00
..
chromeos_laptop.c	Revert "platform/chrome: chromeos_laptop: Add Leon Touch"	2016-05-28 08:47:48 -07:00
chromeos_pstore.c	platform/chrome: pstore: Move to larger record size.	2016-05-11 11:55:47 -07:00
cros_ec_dev.c	platform/chrome: cros_ec_dev - double fetch bug in ioctl	2016-07-05 14:01:52 -07:00
cros_ec_dev.h	mfd: cros_ec: Support multiple EC in a system	2015-06-15 13:18:23 +01:00
cros_ec_lightbar.c	platform/chrome: cros_ec_lightbar - use name instead of ID to hide lightbar attributes	2016-05-11 11:55:47 -07:00
cros_ec_lpc.c	platform/chrome: cros_ec_lpc - Add support for Google Pixel 2	2015-10-07 14:34:26 -07:00
cros_ec_proto.c	platform/chrome: cros_ec_dev - Fix security issue	2016-05-11 11:55:47 -07:00
cros_ec_sysfs.c	mfd: cros_ec: Support multiple EC in a system	2015-06-15 13:18:23 +01:00
cros_ec_vbc.c	platform/chrome: Support reading/writing the vboot context	2015-10-07 15:05:53 -07:00
cros_kbd_led_backlight.c	platform/chrome: Add Chrome OS keyboard backlight LEDs support	2016-05-11 11:55:47 -07:00
Kconfig	platform/chrome: Add Chrome OS keyboard backlight LEDs support	2016-05-11 11:55:47 -07:00
Makefile	platform/chrome: Add Chrome OS keyboard backlight LEDs support	2016-05-11 11:55:47 -07:00