diff options
| author | Chen Gong <gong.chen@linux.intel.com> | 2011-05-16 14:01:39 -0400 |
|---|---|---|
| committer | Tony Luck <tony.luck@intel.com> | 2011-05-16 14:05:08 -0400 |
| commit | f5ec25deb2471bd49e907ab2f9ef6f860eb7cf95 (patch) | |
| tree | c94504da49380911bef27f492e876ff19eb8a4b7 /drivers/acpi | |
| parent | 06cf91b4b4aafa50ee0a94c81d2c6922a18af242 (diff) | |
pstore: fix potential logic issue in pstore read interface
1) in the calling of erst_read, the parameter of buffer size
maybe overflows and cause crash
2) the return value of erst_read should be checked more strictly
Signed-off-by: Chen Gong <gong.chen@linux.intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Diffstat (limited to 'drivers/acpi')
| -rw-r--r-- | drivers/acpi/apei/erst.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/drivers/acpi/apei/erst.c b/drivers/acpi/apei/erst.c index ddb68c4f8d3e..e6cef8e1b534 100644 --- a/drivers/acpi/apei/erst.c +++ b/drivers/acpi/apei/erst.c | |||
| @@ -1006,7 +1006,14 @@ skip: | |||
| 1006 | } | 1006 | } |
| 1007 | 1007 | ||
| 1008 | len = erst_read(record_id, &rcd->hdr, sizeof(*rcd) + | 1008 | len = erst_read(record_id, &rcd->hdr, sizeof(*rcd) + |
| 1009 | erst_erange.size); | 1009 | erst_info.bufsize); |
| 1010 | /* The record may be cleared by others, try read next record */ | ||
| 1011 | if (len == -ENOENT) | ||
| 1012 | goto skip; | ||
| 1013 | else if (len < 0) { | ||
| 1014 | rc = -1; | ||
| 1015 | goto out; | ||
| 1016 | } | ||
| 1010 | if (uuid_le_cmp(rcd->hdr.creator_id, CPER_CREATOR_PSTORE) != 0) | 1017 | if (uuid_le_cmp(rcd->hdr.creator_id, CPER_CREATOR_PSTORE) != 0) |
| 1011 | goto skip; | 1018 | goto skip; |
| 1012 | 1019 | ||