forked from Minki/linux
PARISC: led.c - fix potential stack overflow in led_proc_write()
avoid potential stack overflow by correctly checking count parameter Reported-by: Ilja <ilja@netric.org> Signed-off-by: Helge Deller <deller@gmx.de> Acked-by: Kyle McMartin <kyle@mcmartin.ca> Cc: James E.J. Bottomley <jejb@parisc-linux.org> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
9fe6206f40
commit
4b4fd27c0b
@ -176,16 +176,18 @@ static ssize_t led_proc_write(struct file *file, const char *buf,
|
||||
size_t count, loff_t *pos)
|
||||
{
|
||||
void *data = PDE(file->f_path.dentry->d_inode)->data;
|
||||
char *cur, lbuf[count + 1];
|
||||
char *cur, lbuf[32];
|
||||
int d;
|
||||
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EACCES;
|
||||
|
||||
memset(lbuf, 0, count + 1);
|
||||
if (count >= sizeof(lbuf))
|
||||
count = sizeof(lbuf)-1;
|
||||
|
||||
if (copy_from_user(lbuf, buf, count))
|
||||
return -EFAULT;
|
||||
lbuf[count] = 0;
|
||||
|
||||
cur = lbuf;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user