[IA64] SN2: security hole in sn2_ptc_proc_write Security hole in sn2_ptc_proc_write It is possible to overrun a buffer with a write to this /proc file. Signed-off-by: Cliff Wickman <cpw@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>

commit: e0c6d97c65e0784aade7e97b9411f245a6c543e7 [log] [tgz]
author: Cliff Wickman <cpw@sgi.com> Fri Jun 20 12:02:00 2008 -0700
committer: Tony Luck <tony.luck@intel.com> Fri Jun 20 12:02:00 2008 -0700
tree: dd860efd59feb48050598035301628b79b5b954f
parent: 9bedbcb207ed9a571b239231d99c8fd4a34ae24d [diff] [blame]
diff --git a/arch/ia64/sn/kernel/sn2/sn2_smp.c b/arch/ia64/sn/kernel/sn2/sn2_smp.c
index 49d3120..6dd886c 100644
--- a/arch/ia64/sn/kernel/sn2/sn2_smp.c
+++ b/arch/ia64/sn/kernel/sn2/sn2_smp.c

@@ -512,6 +512,8 @@
 	int cpu;
 	char optstr[64];
 
+	if (count > sizeof(optstr))
+		return -EINVAL;
 	if (copy_from_user(optstr, user, count))
 		return -EFAULT;
 	optstr[count - 1] = '\0';
commit	e0c6d97c65e0784aade7e97b9411f245a6c543e7	[log] [tgz]
author	Cliff Wickman <cpw@sgi.com>	Fri Jun 20 12:02:00 2008 -0700
committer	Tony Luck <tony.luck@intel.com>	Fri Jun 20 12:02:00 2008 -0700
tree	dd860efd59feb48050598035301628b79b5b954f
parent	9bedbcb207ed9a571b239231d99c8fd4a34ae24d [diff] [blame]