Staging: silicom: add some range checks to proc functions

If you tried to cat more than 255 characters (the last character is for the terminator) to these proc files then it would corrupt kernel memory. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Daniel Cotey <puff65537@bansheeslibrary.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Staging: silicom: add some range checks to proc functions
If you tried to cat more than 255 characters (the last character is for the terminator) to these proc files then it would corrupt kernel memory. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Daniel Cotey <puff65537@bansheeslibrary.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
e4c536b7 · Dan Carpenter · Greg Kroah-Hartman · a09b0278 · e4c536b7
Commit e4c536b7 authored Sep 14, 2012 by Dan Carpenter Committed by Greg Kroah-Hartman Sep 17, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 0 deletions

drivers/staging/silicom/bp_mod.c drivers/staging/silicom/bp_mod.c +24 -0

No files found.
--- a/drivers/staging/silicom/bp_mod.c
+++ b/drivers/staging/silicom/bp_mod.c
@@ -8227,6 +8227,9 @@ set_dis_bypass_pfs(struct file *file, const char *buffer,

 	int bypass_param = 0, length = 0;

+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8256,6 +8259,9 @@ set_dis_tap_pfs(struct file *file, const char *buffer,

 	int tap_param = 0, length = 0;

+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8285,6 +8291,9 @@ set_dis_disc_pfs(struct file *file, const char *buffer,

 	int tap_param = 0, length = 0;

+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8374,6 +8383,9 @@ set_bypass_pwup_pfs(struct file *file, const char *buffer,

 	int bypass_param = 0, length = 0;

+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8403,6 +8415,9 @@ set_bypass_pwoff_pfs(struct file *file, const char *buffer,

 	int bypass_param = 0, length = 0;

+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8432,6 +8447,9 @@ set_tap_pwup_pfs(struct file *file, const char *buffer,

 	int tap_param = 0, length = 0;

+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8461,6 +8479,9 @@ set_disc_pwup_pfs(struct file *file, const char *buffer,

 	int tap_param = 0, length = 0;

+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8570,6 +8591,9 @@ set_std_nic_pfs(struct file *file, const char *buffer,

 	int bypass_param = 0, length = 0;

+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}