Commit 36137120 authored by Balbir Singh's avatar Balbir Singh Committed by Linus Torvalds

uml: boot broken due to buffer overrun

mconsole_init() passed 256 bytes as length in os_create_unix_socket, while
the sizeof UNIX_PATH_MAX is 108. This patch fixes that problem and avoids
a big overrun bug reported on UML bootup.

sockaddr_un.sun_path is UNIX_PATH_MAX long which causes the problem.
Reported-by: default avatarVikas K Managutte <vikki.km@gmail.com>
Reported-by: default avatarSarvesh Kumar Lal Das <skldas@gmail.com>
Signed-off-by: default avatarBalbir Singh <balbir@linux.vnet.ibm.com>
Reviewed-by: default avatarPekka Enberg <penberg@cs.helsinki.fi>
Reviewed-by: default avatarWANG Cong <wangcong@zeuux.org>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: <stable@kernel.org>		[please check with Jeff]
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 69fc208b
...@@ -16,6 +16,8 @@ ...@@ -16,6 +16,8 @@
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/syscalls.h> #include <linux/syscalls.h>
#include <linux/utsname.h> #include <linux/utsname.h>
#include <linux/socket.h>
#include <linux/un.h>
#include <linux/workqueue.h> #include <linux/workqueue.h>
#include <linux/mutex.h> #include <linux/mutex.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
...@@ -785,7 +787,7 @@ static int __init mconsole_init(void) ...@@ -785,7 +787,7 @@ static int __init mconsole_init(void)
/* long to avoid size mismatch warnings from gcc */ /* long to avoid size mismatch warnings from gcc */
long sock; long sock;
int err; int err;
char file[256]; char file[UNIX_PATH_MAX];
if (umid_file_name("mconsole", file, sizeof(file))) if (umid_file_name("mconsole", file, sizeof(file)))
return -1; return -1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment