From 5c15c0b4fa850543b8ccfcf93686d24456cc384d Mon Sep 17 00:00:00 2001 From: Manu Abraham Date: Tue, 8 Nov 2005 21:35:24 -0800 Subject: [PATCH] dvb: dst: Fix possible buffer overflow Fixes a possible buffer overflow due to reading more than 8 bytes into an 8 byte long array Thanks to Perceval Anichini for pointing out the bug. Signed-off-by: Manu Abraham Signed-off-by: Michael Krufky Cc: Johannes Stezenbach Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/media/dvb/bt8xx/dst_ca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers') diff --git a/drivers/media/dvb/bt8xx/dst_ca.c b/drivers/media/dvb/bt8xx/dst_ca.c index 16645e0..38c72894 100644 --- a/drivers/media/dvb/bt8xx/dst_ca.c +++ b/drivers/media/dvb/bt8xx/dst_ca.c @@ -196,7 +196,7 @@ static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s int i; static u8 slot_command[8] = {0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}; - u8 *slot_info = state->rxbuffer; + u8 *slot_info = state->messages; put_checksum(&slot_command[0], 7); if ((dst_put_ci(state, slot_command, sizeof (slot_command), slot_info, GET_REPLY)) < 0) { -- cgit v1.1