diff -urNp linux-2.6.10/drivers/char/moxa.c linux-2.6.10-new/drivers/char/moxa.c
--- linux-2.6.10/drivers/char/moxa.c 2005-01-07 10:51:23 -0500
+++ linux-2.6.10-new/drivers/char/moxa.c 2005-01-07 10:51:33 -0500
@@ -1668,6 +1668,8 @@ int MoxaDriverIoctl(unsigned int cmd, un
return -EFAULT;
if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS)
return -EINVAL;
+ if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff))
+ return -EINVAL;
switch(cmd)
{
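Review bot: The added bound on `dltmp.len` becomes the only limit on `copy_from_user(moxaBuff, tmp, len)` in `moxaload320b`, because the second hunk of this file removes the local check there, and nothing in the code records that dependency. A comment above the new test would help, for example `/* len is user-supplied and is used as the copy size into moxaBuff by the load helpers; bound it here */`. Keeping a cheap check next to the copy as well would protect any caller that does not go through `MoxaDriverIoctl`; whether such callers exist is not visible here. `MoxaDriverIoctl` continues past the end of the hunk.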
@@ -2822,8 +2824,6 @@ static int moxaload320b(int cardno, unsi
void __iomem *baseAddr;
int i;
- if(len > sizeof(moxaBuff))
- return -EINVAL;
if(copy_from_user(moxaBuff, tmp, len))
return -EFAULT;
baseAddr = moxaBaseAddr[cardno];
diff -urNp linux-2.6.10/drivers/block/scsi_ioctl.c linux-2.6.10-new/drivers/block/scsi_ioctl.c
--- linux-2.6.10/drivers/block/scsi_ioctl.c 2005-01-07 10:51:24 -0500
+++ linux-2.6.10-new/drivers/block/scsi_ioctl.c 2005-01-07 10:51:33 -0500
@@ -339,7 +339,8 @@ static int sg_scsi_ioctl(struct file *fi
struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic)
{
struct request *rq;
- int err, in_len, out_len, bytes, opcode, cmdlen;
+ unsigned int in_len, out_len, bytes, opcode, cmdlen;
+ int err;
char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
/*
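Review bot: The change of `in_len`, `out_len`, `bytes`, `opcode` and `cmdlen` to `unsigned int` carries no comment saying why, and the reason is security-relevant. Presumably these are filled from the user-supplied `sic` and later compared against an upper bound, which a negative signed value would pass; that code is outside the hunk, so confirm it against the full function. I would add `/* lengths come from userspace; unsigned so a negative value cannot slip under the size checks */` above the declaration. The same applies to the `int len` to `size_t len` change in `poolsize_strategy` in drivers/char/random.c. In both functions it is also worth checking that no later code tests these variables for `< 0`, since such a test is now always false.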
diff -urNp linux-2.6.10/drivers/char/random.c linux-2.6.10-new/drivers/char/random.c
--- linux-2.6.10/drivers/char/random.c 2005-01-07 10:51:23 -0500
+++ linux-2.6.10-new/drivers/char/random.c 2005-01-07 10:51:33 -0500
@@ -1912,7 +1912,7 @@ static int poolsize_strategy(ctl_table *
void __user *oldval, size_t __user *oldlenp,
void __user *newval, size_t newlen, void **context)
{
- int len;
+ size_t len;
sysctl_poolsize = random_state->poolinfo.POOLBYTES;
diff -urNp linux-2.6.10/mm/mmap.c linux-2.6.10-new/mm/mmap.c
--- linux-2.6.10/mm/mmap.c 2004-12-24 22:35:00.000000000 +0100
+++ linux-2.6.10-new/mm/mmap.c 2004-12-27 16:37:47.000000000 +0100
@@ -1360,6 +1360,13 @@ int expand_stack(struct vm_area_struct *
vm_unacct_memory(grow);
return -ENOMEM;
}
+ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) &&
+ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) >
+ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) {
+ anon_vma_unlock(vma);
+ vm_unacct_memory(grow);
+ return -ENOMEM;
+ }
vma->vm_end = address;
vma->vm_mm->total_vm += grow;
if (vma->vm_flags & VM_LOCKED)
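Review bot: The new RLIMIT_MEMLOCK test converts a page count to bytes with `(vma->vm_mm->locked_vm + grow) << PAGE_SHIFT`, which could wrap if the sum is large enough for the shift to overflow, and a wrapped value would pass the limit. Comparing in pages avoids the shift on the accumulated side: `vma->vm_mm->locked_vm + grow > (current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT)`. The identical seven-line block is added again in the second `expand_stack` hunk (the variant that sets `vma->vm_start`), and both repeat the unlock-and-unaccount error path of the check just above. A small static helper would keep the two copies from drifting apart. Both functions start and end outside the hunks.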
@@ -1422,6 +1429,13 @@ int expand_stack(struct vm_area_struct *
vm_unacct_memory(grow);
return -ENOMEM;
}
+ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) &&
+ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) >
+ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) {
+ anon_vma_unlock(vma);
+ vm_unacct_memory(grow);
+ return -ENOMEM;
+ }
vma->vm_start = address;
vma->vm_pgoff -= grow;
vma->vm_mm->total_vm += grow;