Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-08 05:01:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

powerpc/pseries/lparcfg: Fix possible overflow are more than 1026

Browse Source 
need set '\0' for 'local_buffer'.

SPLPAR_MAXLENGTH is 1026, RTAS_DATA_BUF_SIZE is 4096. so the contents of
rtas_data_buf may truncated in memcpy.

if contents are really truncated.
  the splpar_strlen is more than 1026. the next while loop checking will
  not find the end of buffer. that will cause memory access violation.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
This commit is contained in:
Chen Gang 2013-04-22 17:12:54 +00:00 committed by Benjamin Herrenschmidt
parent ebd004e4ed
commit 5676005acf
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
arch/powerpc/kernel/lparcfg.c
View File

@ -301,6 +301,7 @@ static void parse_system_parameter_string(struct seq_file *m)
__pa(rtas_data_buf), __pa(rtas_data_buf),
RTAS_DATA_BUF_SIZE); RTAS_DATA_BUF_SIZE);
memcpy(local_buffer, rtas_data_buf, SPLPAR_MAXLENGTH); memcpy(local_buffer, rtas_data_buf, SPLPAR_MAXLENGTH);
local_buffer[SPLPAR_MAXLENGTH - 1] = '\0';
spin_unlock(&rtas_data_buf_lock); spin_unlock(&rtas_data_buf_lock);
if (call_status != 0) { if (call_status != 0) {