[IA64] SN2: security hole in sn2_ptc_proc_write
Security hole in sn2_ptc_proc_write It is possible to overrun a buffer with a write to this /proc file. Signed-off-by: Cliff Wickman <cpw@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
This commit is contained in:
parent
9bedbcb207
commit
e0c6d97c65
|
@ -512,6 +512,8 @@ static ssize_t sn2_ptc_proc_write(struct file *file, const char __user *user, si
|
||||||
int cpu;
|
int cpu;
|
||||||
char optstr[64];
|
char optstr[64];
|
||||||
|
|
||||||
|
if (count > sizeof(optstr))
|
||||||
|
return -EINVAL;
|
||||||
if (copy_from_user(optstr, user, count))
|
if (copy_from_user(optstr, user, count))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
optstr[count - 1] = '\0';
|
optstr[count - 1] = '\0';
|
||||||
|
|
Loading…
Reference in New Issue