From: dean gaudet Date: Fri, 28 Apr 2006 01:39:17 +0000 (-0700) Subject: [PATCH] off-by-1 in kernel/power/main.c X-Git-Tag: v2.6.17-rc4~134 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=47bb789973fed504e4711ec34e63b84e6cbfb4e8;p=linux-2.6-omap-h63xx.git [PATCH] off-by-1 in kernel/power/main.c There's an off-by-1 in kernel/power/main.c:state_store() ... if your kernel just happens to have some non-zero data at pm_states[PM_SUSPEND_MAX] (i.e. one past the end of the array) then it'll let you write anything you want to /sys/power/state and in response the box will enter S5. Signed-off-by: dean gaudet Acked-by: Pavel Machek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/kernel/power/main.c b/kernel/power/main.c index ee371f50cca..a6d9ef46009 100644 --- a/kernel/power/main.c +++ b/kernel/power/main.c @@ -272,7 +272,7 @@ static ssize_t state_store(struct subsystem * subsys, const char * buf, size_t n if (*s && !strncmp(buf, *s, len)) break; } - if (*s) + if (state < PM_SUSPEND_MAX && *s) error = enter_state(state); else error = -EINVAL;
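Review bot: In the new test `if (state < PM_SUSPEND_MAX && *s)` the order of the operands is what makes the fix work, and nothing in the code says so. The bound check has to come first so that `*s` is never read when `s` points one past the end of `pm_states`, which is the out-of-bounds read the commit message describes. A one-line comment above the condition would keep a later cleanup from swapping or dropping the operands. The `*s` term also looks redundant after this change: the visible loop body only breaks when `*s` is non-zero, so a match already implies it, and a run to the end of the array is caught by the bound check. The loop header is outside the hunk context, so confirm that against the full function; if it holds, `if (state < PM_SUSPEND_MAX)` alone states the intent more directly. Leaving the loop with an explicit "found" result, rather than re-deriving it from `state` and `*s` afterwards, would avoid this class of mistake.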