On Mon, Aug 02, 2010 at 10:46:41PM +0200, Helge Deller wrote:
> Kyle, please apply to the parisc git tree.
>
Please send this straight to Linus with my
Signed-off-by: Kyle McMartin <kyle@xxxxxxxxxxx>
I don't want to accidentally mis-place it again this summer.
--Kyle
> Helge
>
> -----------
> [PARISC] led.c - fix potential stack overflow in led_proc_write()
>
> avoid potential stack overflow by correctly checking count parameter
>
> Signed-off-by: Helge Deller <deller@xxxxxx>
>
>
> diff --git a/drivers/parisc/led.c b/drivers/parisc/led.c
> index 188bc84..d02be78 100644
> --- a/drivers/parisc/led.c
> +++ b/drivers/parisc/led.c
> @@ -176,16 +176,18 @@ static ssize_t led_proc_write(struct file *file, const char *buf,
> size_t count, loff_t *pos)
> {
> void *data = PDE(file->f_path.dentry->d_inode)->data;
> - char *cur, lbuf[count + 1];
> + char *cur, lbuf[32];
> int d;
>
> if (!capable(CAP_SYS_ADMIN))
> return -EACCES;
>
> - memset(lbuf, 0, count + 1);
> + if (count >= sizeof(lbuf))
> + count = sizeof(lbuf)-1;
>
> if (copy_from_user(lbuf, buf, count))
> return -EFAULT;
> + lbuf[count] = 0;
>
> cur = lbuf;
>
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-parisc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
