diff options
author | Adam B. Jerome <abj@novell.com> | 2006-07-12 12:03:07 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-07-12 15:52:55 -0400 |
commit | 0635170b544b01b46a81b4ac5cff5020ab59d1fc (patch) | |
tree | 743144ec50b98b1b16df6dfe1448584b946aae2e /fs/proc | |
parent | 232ba9dbd68bb084d5d90c511f207d18eae614da (diff) |
[PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user()
Address a potential 'larger than buffer size' memory access by
clear_user(). Without this patch, this call to clear_user() can attempt to
clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by
read_kcore().
Signed-off-by: Adam B. Jerome <abj@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/proc')
-rw-r--r-- | fs/proc/kcore.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index 8d6d85d7400f..6a984f64edd7 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c | |||
@@ -382,7 +382,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) | |||
382 | */ | 382 | */ |
383 | if (n) { | 383 | if (n) { |
384 | if (clear_user(buffer + tsz - n, | 384 | if (clear_user(buffer + tsz - n, |
385 | tsz - n)) | 385 | n)) |
386 | return -EFAULT; | 386 | return -EFAULT; |
387 | } | 387 | } |
388 | } else { | 388 | } else { |