Commit f6d20b8135e0c1ca73e8ae329be47d43be261c0b introduces a subtle buffer overflow by storing each pool resize request in a buffer without checking the request count against the buffer size. This patch adds a check against the array size and ignores all pool resize requests after the first MAX_POOLS.
Signed-off-by: Eric B Munson <ebmun...@us.ibm.com>
---
Changes from V1:
-Fix problem that skipped index 0 if adjust arrays.
 hugeadm.c | 17 +++++++++++++++--
 1 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/hugeadm.c b/hugeadm.c
index e1faefb..94b1386 100644
--- a/hugeadm.c
+++ b/hugeadm.c
@@ -852,7 +852,13 @@ int main(int argc, char** argv)
 break;
 
 case LONG_POOL_MIN_ADJ:
- opt_min_adj[minadj_count++] = optarg;
+ if (minadj_count == MAX_POOLS) {
+ WARNING("Attempting to adjust an invalid "
+ "pool or a pool multiple times, "
+ "ignoring request: '%s'\n", optarg);
+ } else {
+ opt_min_adj[minadj_count++] = optarg;
+ }
 break;
 
 case LONG_POOL_MAX_ADJ:
@@ -861,7 +867,14 @@ int main(int argc, char** argv)
 "max cannot be adjusted\n");
 exit(EXIT_FAILURE);
 }
- opt_max_adj[maxadj_count++] = optarg;
+
+ if (maxadj_count == MAX_POOLS) {
+ WARNING("Attempting to adjust an invalid "
+ "pool or a pool multiple times, "
+ "ignoring request: '%s'\n", optarg);
+ } else {
+ opt_max_adj[maxadj_count++] = optarg;
+ }
 break;
 
 case LONG_MOVABLE_ENABLE:
-- 
1.6.1.2
------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Libhugetlbfs-devel mailing list Libhugetlbfs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/libhugetlbfs-devel
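Review bot: The bounds guard in the LONG_POOL_MIN_ADJ case (and the identical one in the LONG_POOL_MAX_ADJ hunk) tests `minadj_count == MAX_POOLS`, which protects the array write only while nothing else ever changes the counter; `if (minadj_count >= MAX_POOLS) {` costs nothing and stays safe if that assumption breaks. The declarations of opt_min_adj and opt_max_adj are outside the hunk, so it is worth confirming that both arrays are sized by MAX_POOLS and not by another constant. The warning text also names a cause (an invalid or repeated pool) that the condition does not test; a message that states the limit, for example `"too many pool adjustments (limit %d), ignoring: '%s'\n"`, would match what is actually checked. main() starts and ends outside the hunk.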
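Review bot: Dropping the excess request with a WARNING and carrying on means hugeadm applies only part of what the administrator asked for, while the error just above in this same LONG_POOL_MAX_ADJ case ends with `exit(EXIT_FAILURE)`. For a tool that resizes system-wide huge page pools, rejecting the whole command line once the limit is reached is the more predictable behaviour. If warn-and-continue is intended, a comment such as `/* excess requests are dropped; earlier ones still apply */` above the check would record that decision. The same applies to the LONG_POOL_MIN_ADJ hunk.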