[IA64] SN2: security hole in sn2_ptc_proc_write

Security hole in sn2_ptc_proc_write It is possible to overrun a buffer with a write to this /proc file. Signed-off-by: Cliff Wickman <cpw@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>

[IA64] SN2: security hole in sn2_ptc_proc_write
Security hole in sn2_ptc_proc_write It is possible to overrun a buffer with a write to this /proc file. Signed-off-by: Cliff Wickman <cpw@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
e0c6d97c · Cliff Wickman · Tony Luck · 9bedbcb2 · e0c6d97c
Commit e0c6d97c authored Jun 20, 2008 by Cliff Wickman Committed by Tony Luck Jun 20, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

arch/ia64/sn/kernel/sn2/sn2_smp.c arch/ia64/sn/kernel/sn2/sn2_smp.c +2 -0

No files found.
--- a/arch/ia64/sn/kernel/sn2/sn2_smp.c
+++ b/arch/ia64/sn/kernel/sn2/sn2_smp.c
@@ -512,6 +512,8 @@ static ssize_t sn2_ptc_proc_write(struct file *file, const char __user *user, si
 	int cpu;
 	char optstr[64];

+	if (count > sizeof(optstr))
+		return -EINVAL;
 	if (copy_from_user(optstr, user, count))
 		return -EFAULT;
 	optstr[count - 1] = '\0';