首页 发现 帮助
注册 登录
phyus
/
linux-vybrid_public
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

Staging: silicom: add some range checks to proc functions

If you tried to cat more than 255 characters (the last character is for
the terminator) to these proc files then it would corrupt kernel memory.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Cotey <puff65537@bansheeslibrary.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dan Carpenter 12 年之前
父节点
a09b027882
当前提交
e4c536b72f
共有 1 个文件被更改,包括 24 次插入0 次删除
分列视图 显示文件统计
  1. 24 0
      drivers/staging/silicom/bp_mod.c

+ 24 - 0
drivers/staging/silicom/bp_mod.c
查看文件 

@@ -8227,6 +8227,9 @@ set_dis_bypass_pfs(struct file *file, const char *buffer,
 
 
 	int bypass_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8256,6 +8259,9 @@ set_dis_tap_pfs(struct file *file, const char *buffer,
 
 
 	int tap_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8285,6 +8291,9 @@ set_dis_disc_pfs(struct file *file, const char *buffer,
 
 
 	int tap_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8374,6 +8383,9 @@ set_bypass_pwup_pfs(struct file *file, const char *buffer,
 
 
 	int bypass_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8403,6 +8415,9 @@ set_bypass_pwoff_pfs(struct file *file, const char *buffer,
 
 
 	int bypass_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8432,6 +8447,9 @@ set_tap_pwup_pfs(struct file *file, const char *buffer,
 
 
 	int tap_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8461,6 +8479,9 @@ set_disc_pwup_pfs(struct file *file, const char *buffer,
 
 
 	int tap_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8570,6 +8591,9 @@ set_std_nic_pfs(struct file *file, const char *buffer,
 
 
 	int bypass_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}