• Ian Abbott's avatar
    USB serial ftdi_sio: Prevent userspace DoS (CVE-2006-2936) · ba4532fa
    Ian Abbott authored
    This patch limits the amount of outstanding 'write' data that can be
    queued up for the ftdi_sio driver, to prevent userspace DoS attacks (or
    simple accidents) that use up all the system memory by writing lots of
    data to the serial port.
    
    The original patch was by Guillaume Autran, who in turn based it on the
    same mechanism implemented in the 'visor' driver.  I (Ian Abbott)
    re-targeted the patch to the latest sources, fixed a couple of errors,
    renamed his new structure members, and updated the implementations of
    the 'write_room' and 'chars_in_buffer' methods to take account of the
    number of outstanding 'write' bytes.  It seems to work fine, though at
    low baud rates it is still possible to queue up an amount of data that
    takes an age to shift (a job for another day!).
    Signed-off-by: default avatarIan Abbott <abbotti@mev.co.uk>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
    
    ba4532fa
ftdi_sio.c 71.6 KB