ChangeSet 1.2231.1.154, 2005/03/28 19:59:17-08:00, [EMAIL PROTECTED]
[PATCH] mtrr: uaccess range checking fix
mtrr: prevent copy_from_user(to, from, -1) or (if that should
succeed somehow) write to line[-1] (on stack);
Signed-off-by: Randy Dunlap <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
if.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff -Nru a/arch/i386/kernel/cpu/mtrr/if.c b/arch/i386/kernel/cpu/mtrr/if.c
--- a/arch/i386/kernel/cpu/mtrr/if.c 2005-03-28 21:40:19 -08:00
+++ b/arch/i386/kernel/cpu/mtrr/if.c 2005-03-28 21:40:19 -08:00
@@ -98,16 +98,20 @@
unsigned long long base, size;
char *ptr;
char line[LINE_SIZE];
+ size_t linelen;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
+ if (!len)
+ return -EINVAL;
memset(line, 0, LINE_SIZE);
if (len > LINE_SIZE)
len = LINE_SIZE;
if (copy_from_user(line, buf, len - 1))
return -EFAULT;
- ptr = line + strlen(line) - 1;
- if (*ptr == '\n')
+ linelen = strlen(line);
+ ptr = line + linelen - 1;
+ if (linelen && *ptr == '\n')
*ptr = '\0';
if (!strncmp(line, "disable=", 8)) {
reg = simple_strtoul(line + 8, &ptr, 0);
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
