From f0319748599183fa71a1e8792317385313ed946b Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Wed, 11 Jan 2017 11:07:39 +0100 Subject: [PATCH] s390/sclp: always stay within bounds of the early sccb Make sure the _sclp_print_lm function stays within bounds of the early sccb, even if the passed string is very long. If the string is too long, the remaining characters will be dropped. Suggested-by: Peter Oberparleiter Reviewed-by: Peter Oberparleiter Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- arch/s390/kernel/sclp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/s390/kernel/sclp.c b/arch/s390/kernel/sclp.c index 745324349a7b..53e391fe8577 100644 --- a/arch/s390/kernel/sclp.c +++ b/arch/s390/kernel/sclp.c @@ -132,16 +132,21 @@ static void _sclp_print_lm(const char *str) 0x10, 0x00, /* 4 */ 0x00, 0x00, 0x00, 0x00 /* 6 */ }; - unsigned char *ptr, ch; + unsigned char *ptr, *end_ptr, ch; unsigned int count; memcpy(_sclp_work_area, write_head, sizeof(write_head)); ptr = _sclp_work_area + sizeof(write_head); + end_ptr = _sclp_work_area + sizeof(_sclp_work_area) - 1; do { + if (ptr + sizeof(write_mto) > end_ptr) + break; memcpy(ptr, write_mto, sizeof(write_mto)); for (count = sizeof(write_mto); (ch = *str++) != 0; count++) { if (ch == 0x0a) break; + if (ptr > end_ptr) + break; ptr[count] = _ascebc[ch]; } /* Update length fields in mto, mdb, evbuf and sccb */ -- 2.20.1