Commit e0c6d97c authored by Cliff Wickman's avatar Cliff Wickman Committed by Tony Luck

[IA64] SN2: security hole in sn2_ptc_proc_write

Security hole in sn2_ptc_proc_write

It is possible to overrun a buffer with a write to this /proc file.
Signed-off-by: default avatarCliff Wickman <cpw@sgi.com>
Signed-off-by: default avatarTony Luck <tony.luck@intel.com>
parent 9bedbcb2
...@@ -512,6 +512,8 @@ static ssize_t sn2_ptc_proc_write(struct file *file, const char __user *user, si ...@@ -512,6 +512,8 @@ static ssize_t sn2_ptc_proc_write(struct file *file, const char __user *user, si
int cpu; int cpu;
char optstr[64]; char optstr[64];
if (count > sizeof(optstr))
return -EINVAL;
if (copy_from_user(optstr, user, count)) if (copy_from_user(optstr, user, count))
return -EFAULT; return -EFAULT;
optstr[count - 1] = '\0'; optstr[count - 1] = '\0';
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment