Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

powerpc/pseries/lparcfg: Fix possible overflow are more than 1026

need set '\0' for 'local_buffer'.

SPLPAR_MAXLENGTH is 1026, RTAS_DATA_BUF_SIZE is 4096. so the contents of
rtas_data_buf may truncated in memcpy.

if contents are really truncated.
  the splpar_strlen is more than 1026. the next while loop checking will
  not find the end of buffer. that will cause memory access violation.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Chen Gang 12 years ago
parent
ebd004e4ed
commit
5676005acf
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      arch/powerpc/kernel/lparcfg.c

+ 1 - 0
arch/powerpc/kernel/lparcfg.c
View File 

@@ -301,6 +301,7 @@ static void parse_system_parameter_string(struct seq_file *m)
 
 				__pa(rtas_data_buf),
 
 				RTAS_DATA_BUF_SIZE);
 
 	memcpy(local_buffer, rtas_data_buf, SPLPAR_MAXLENGTH);
 
+	local_buffer[SPLPAR_MAXLENGTH - 1] = '\0';
 
 	spin_unlock(&rtas_data_buf_lock);
 
 
 	if (call_status != 0) {