Having more than 99 CPUs causes an overflow of cpustr. If an attacker is able to control the number CPUs he might able to inject code ...kind of. ;-) Signed-off-by: Richard Weinberger <richard@xxxxxx> --- arch/ia64/kernel/palinfo.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c index 77597e5..35bee152 100644 --- a/arch/ia64/kernel/palinfo.c +++ b/arch/ia64/kernel/palinfo.c @@ -971,20 +971,18 @@ palinfo_read_entry(char *page, char **start, off_t off, int count, int *eof, voi static void __cpuinit create_palinfo_proc_entries(unsigned int cpu) { -# define CPUSTR "cpu%d" - pal_func_cpu_u_t f; struct proc_dir_entry **pdir; struct proc_dir_entry *cpu_dir; int j; - char cpustr[sizeof(CPUSTR)]; + char cpustr[32]; /* * we keep track of created entries in a depth-first order for * cleanup purposes. Each entry is stored into palinfo_proc_entries */ - sprintf(cpustr,CPUSTR, cpu); + snprintf(cpustr, sizeof(cpustr), "cpu%d", cpu); cpu_dir = proc_mkdir(cpustr, palinfo_dir); -- 1.8.1.4 -- To unsubscribe from this list: send the line "unsubscribe linux-ia64" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html