Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Staging: silicom: add some range checks to proc functions

If you tried to cat more than 255 characters (the last character is for
the terminator) to these proc files then it would corrupt kernel memory.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Cotey <puff65537@bansheeslibrary.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dan Carpenter 13 years ago
parent
a09b027882
commit
e4c536b72f
1 changed files with 24 additions and 0 deletions
Split View Show Diff Stats
  1. 24 0
      drivers/staging/silicom/bp_mod.c

+ 24 - 0
drivers/staging/silicom/bp_mod.c
View File 

@@ -8227,6 +8227,9 @@ set_dis_bypass_pfs(struct file *file, const char *buffer,
 
 
 	int bypass_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8256,6 +8259,9 @@ set_dis_tap_pfs(struct file *file, const char *buffer,
 
 
 	int tap_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8285,6 +8291,9 @@ set_dis_disc_pfs(struct file *file, const char *buffer,
 
 
 	int tap_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8374,6 +8383,9 @@ set_bypass_pwup_pfs(struct file *file, const char *buffer,
 
 
 	int bypass_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8403,6 +8415,9 @@ set_bypass_pwoff_pfs(struct file *file, const char *buffer,
 
 
 	int bypass_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8432,6 +8447,9 @@ set_tap_pwup_pfs(struct file *file, const char *buffer,
 
 
 	int tap_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8461,6 +8479,9 @@ set_disc_pwup_pfs(struct file *file, const char *buffer,
 
 
 	int tap_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}
 
@@ -8570,6 +8591,9 @@ set_std_nic_pfs(struct file *file, const char *buffer,
 
 
 	int bypass_param = 0, length = 0;
 
 
+	if (count >= sizeof(kbuf))
 
+		return -EINVAL;
 
+
 
 	if (copy_from_user(&kbuf, buffer, count)) {
 
 		return -1;
 
 	}