Halaman utama Jelajahi Bantuan
Daftar Masuk
phyus
/
linux-vybrid_public
8
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Jelajahi Sumber

[S390] sclp_async: potential buffer overflow

"len" hasn't been properly range checked so we shouldn't use it as an
array offset.  This can only be written to by root but it would still be
annoying to accidentally write more than 3 characters and corrupt your
memory.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Dan Carpenter 15 tahun lalu
induk
d7015c120e
melakukan
35ac734f72
1 mengubah file dengan 1 tambahan dan 1 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 1 1
      drivers/s390/char/sclp_async.c

+ 1 - 1
drivers/s390/char/sclp_async.c
Tampilan Berkas 

@@ -85,7 +85,7 @@ static int proc_handler_callhome(struct ctl_table *ctl, int write,
 
 		rc = copy_from_user(buf, buffer, sizeof(buf));
 
 		if (rc != 0)
 
 			return -EFAULT;
 
-		buf[len - 1] = '\0';
 
+		buf[sizeof(buf) - 1] = '\0';
 
 		if (strict_strtoul(buf, 0, &val) != 0)
 
 			return -EINVAL;
 
 		if (val != 0 && val != 1)