aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorEvgeny Kuznetsov <ext-eugeny.kuznetsov@nokia.com>2010-10-27 18:33:37 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2010-10-27 21:03:09 -0400
commitf4a2589feaef0a9b737a3e582b37ee96695bb25f (patch)
treeea5eb5c6f2c1f826893271b861d63272efd6546d /kernel
parent32a8cf235e2f192eb002755076994525cdbaa35a (diff)
cgroups: add check for strcpy destination string overflow
Function "strcpy" is used without check for maximum allowed source string length and could cause destination string overflow. Check for string length is added before using "strcpy". Function now is return error if source string length is more than a maximum. akpm: presently considered NotABug, but add the check for general future-safeness and robustness. Signed-off-by: Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@nokia.com> Acked-by: Paul Menage <menage@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/cgroup.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 3e6517e51fd3..5cf366965d0c 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1922,6 +1922,8 @@ static int cgroup_release_agent_write(struct cgroup *cgrp, struct cftype *cft,
1922 const char *buffer) 1922 const char *buffer)
1923{ 1923{
1924 BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX); 1924 BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
1925 if (strlen(buffer) >= PATH_MAX)
1926 return -EINVAL;
1925 if (!cgroup_lock_live_group(cgrp)) 1927 if (!cgroup_lock_live_group(cgrp))
1926 return -ENODEV; 1928 return -ENODEV;
1927 strcpy(cgrp->root->release_agent_path, buffer); 1929 strcpy(cgrp->root->release_agent_path, buffer);