projects
/
GitHub
/
MotorolaMobilityLLC
/
kernel-slsi.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
9bedbcb
)
[IA64] SN2: security hole in sn2_ptc_proc_write
author
Cliff Wickman
<cpw@sgi.com>
Fri, 20 Jun 2008 19:02:00 +0000
(12:02 -0700)
committer
Tony Luck
<tony.luck@intel.com>
Fri, 20 Jun 2008 19:02:00 +0000
(12:02 -0700)
Security hole in sn2_ptc_proc_write
It is possible to overrun a buffer with a write to this /proc file.
Signed-off-by: Cliff Wickman <cpw@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
arch/ia64/sn/kernel/sn2/sn2_smp.c
patch
|
blob
|
blame
|
history
diff --git
a/arch/ia64/sn/kernel/sn2/sn2_smp.c
b/arch/ia64/sn/kernel/sn2/sn2_smp.c
index 49d3120415eb740154a5469be144e51598775d04..6dd886c5d860a29dd71b7c91a168728ff97b4611 100644
(file)
--- a/
arch/ia64/sn/kernel/sn2/sn2_smp.c
+++ b/
arch/ia64/sn/kernel/sn2/sn2_smp.c
@@
-512,6
+512,8
@@
static ssize_t sn2_ptc_proc_write(struct file *file, const char __user *user, si
int cpu;
char optstr[64];
+ if (count > sizeof(optstr))
+ return -EINVAL;
if (copy_from_user(optstr, user, count))
return -EFAULT;
optstr[count - 1] = '\0';