From: Cliff Wickman Date: Fri, 20 Jun 2008 19:02:00 +0000 (-0700) Subject: [IA64] SN2: security hole in sn2_ptc_proc_write X-Git-Tag: v2.6.26-rc8~25^2 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=e0c6d97c65e0784aade7e97b9411f245a6c543e7;p=linux-2.6-omap-h63xx.git [IA64] SN2: security hole in sn2_ptc_proc_write Security hole in sn2_ptc_proc_write It is possible to overrun a buffer with a write to this /proc file. Signed-off-by: Cliff Wickman Signed-off-by: Tony Luck --- diff --git a/arch/ia64/sn/kernel/sn2/sn2_smp.c b/arch/ia64/sn/kernel/sn2/sn2_smp.c index 49d3120415e..6dd886c5d86 100644 --- a/arch/ia64/sn/kernel/sn2/sn2_smp.c +++ b/arch/ia64/sn/kernel/sn2/sn2_smp.c @@ -512,6 +512,8 @@ static ssize_t sn2_ptc_proc_write(struct file *file, const char __user *user, si int cpu; char optstr[64]; + if (count > sizeof(optstr)) + return -EINVAL; if (copy_from_user(optstr, user, count)) return -EFAULT; optstr[count - 1] = '\0';