leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PARISC: led.c - fix potential stack overflow in led_proc_write()

Browse Source 
avoid potential stack overflow by correctly checking count parameter

Reported-by: Ilja <ilja@netric.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Acked-by: Kyle McMartin <kyle@mcmartin.ca>
Cc: James E.J. Bottomley <jejb@parisc-linux.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Helge Deller 2010-08-02 22:46:41 +02:00 committed by Linus Torvalds
parent 9fe6206f40
commit 4b4fd27c0b
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/parisc/led.c
View File

@ -176,16 +176,18 @@ static ssize_t led_proc_write(struct file *file, const char *buf,
size_t count, loff_t *pos)
{
void *data = PDE(file->f_path.dentry->d_inode)->data;
char *cur, lbuf[count + 1];
char *cur, lbuf[32];
int d;
if (!capable(CAP_SYS_ADMIN))
return -EACCES;
memset(lbuf, 0, count + 1);
if (count >= sizeof(lbuf))
count = sizeof(lbuf)-1;
if (copy_from_user(lbuf, buf, count))
return -EFAULT;
lbuf[count] = 0;
cur = lbuf;