.27 patches

diff --git a/queue-2.6.27/parisc-led.c-fix-potential-stack-overflow-in-led_proc_write.patch b/queue-2.6.27/parisc-led.c-fix-potential-stack-overflow-in-led_proc_write.patch
new file mode 100644 (file)
index 0000000..c866616
--- /dev/null
+++ b/queue-2.6.27/parisc-led.c-fix-potential-stack-overflow-in-led_proc_write.patch
@@ -0,0 +1,45 @@
+From 4b4fd27c0b5ec638a1f06ced9226fd95229dbbf0 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Mon, 2 Aug 2010 22:46:41 +0200
+Subject: PARISC: led.c - fix potential stack overflow in led_proc_write()
+
+From: Helge Deller <deller@gmx.de>
+
+commit 4b4fd27c0b5ec638a1f06ced9226fd95229dbbf0 upstream.
+
+avoid potential stack overflow by correctly checking count parameter
+
+Reported-by: Ilja <ilja@netric.org>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Acked-by: Kyle McMartin <kyle@mcmartin.ca>
+Cc: James E.J. Bottomley <jejb@parisc-linux.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/parisc/led.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/parisc/led.c
++++ b/drivers/parisc/led.c
+@@ -182,16 +182,18 @@ static int led_proc_read(char *page, cha
+ static int led_proc_write(struct file *file, const char *buf, 
+       unsigned long count, void *data)
+ {
+-      char *cur, lbuf[count + 1];
++      char *cur, lbuf[32];
+       int d;
+ 
+       if (!capable(CAP_SYS_ADMIN))
+               return -EACCES;
+ 
+-      memset(lbuf, 0, count + 1);
++      if (count >= sizeof(lbuf))
++              count = sizeof(lbuf)-1;
+ 
+       if (copy_from_user(lbuf, buf, count))
+               return -EFAULT;
++      lbuf[count] = 0;
+ 
+       cur = lbuf;
+ 

diff --git a/queue-2.6.27/series b/queue-2.6.27/series
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..323477b71031e0cc9b84b9c82e6b289f0383e8b9 100644 (file)
--- a/queue-2.6.27/series
+++ b/queue-2.6.27/series
@@ -0,0 +1 @@
+parisc-led.c-fix-potential-stack-overflow-in-led_proc_write.patch