aboutsummaryrefslogtreecommitdiffstats
path: root/arch/ia64/sn
diff options
context:
space:
mode:
authorCliff Wickman <cpw@sgi.com>2008-06-20 15:02:00 -0400
committerTony Luck <tony.luck@intel.com>2008-06-20 15:02:00 -0400
commite0c6d97c65e0784aade7e97b9411f245a6c543e7 (patch)
treedd860efd59feb48050598035301628b79b5b954f /arch/ia64/sn
parent9bedbcb207ed9a571b239231d99c8fd4a34ae24d (diff)
[IA64] SN2: security hole in sn2_ptc_proc_write
Security hole in sn2_ptc_proc_write It is possible to overrun a buffer with a write to this /proc file. Signed-off-by: Cliff Wickman <cpw@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Diffstat (limited to 'arch/ia64/sn')
-rw-r--r--arch/ia64/sn/kernel/sn2/sn2_smp.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/ia64/sn/kernel/sn2/sn2_smp.c b/arch/ia64/sn/kernel/sn2/sn2_smp.c
index 49d3120415eb..6dd886c5d860 100644
--- a/arch/ia64/sn/kernel/sn2/sn2_smp.c
+++ b/arch/ia64/sn/kernel/sn2/sn2_smp.c
@@ -512,6 +512,8 @@ static ssize_t sn2_ptc_proc_write(struct file *file, const char __user *user, si
512 int cpu; 512 int cpu;
513 char optstr[64]; 513 char optstr[64];
514 514
515 if (count > sizeof(optstr))
516 return -EINVAL;
515 if (copy_from_user(optstr, user, count)) 517 if (copy_from_user(optstr, user, count))
516 return -EFAULT; 518 return -EFAULT;
517 optstr[count - 1] = '\0'; 519 optstr[count - 1] = '\0';