From: Greg Kroah-Hartman Date: Tue, 3 Aug 2010 23:34:14 +0000 (-0700) Subject: .27 patches X-Git-Tag: v2.6.27.50~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b6e077bd1935098cae1c7ca0805eca43722b8ad;p=thirdparty%2Fkernel%2Fstable-queue.git .27 patches --- diff --git a/queue-2.6.27/parisc-led.c-fix-potential-stack-overflow-in-led_proc_write.patch b/queue-2.6.27/parisc-led.c-fix-potential-stack-overflow-in-led_proc_write.patch new file mode 100644 index 00000000000..c8666161c8d --- /dev/null +++ b/queue-2.6.27/parisc-led.c-fix-potential-stack-overflow-in-led_proc_write.patch @@ -0,0 +1,45 @@ +From 4b4fd27c0b5ec638a1f06ced9226fd95229dbbf0 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Mon, 2 Aug 2010 22:46:41 +0200 +Subject: PARISC: led.c - fix potential stack overflow in led_proc_write() + +From: Helge Deller + +commit 4b4fd27c0b5ec638a1f06ced9226fd95229dbbf0 upstream. + +avoid potential stack overflow by correctly checking count parameter + +Reported-by: Ilja +Signed-off-by: Helge Deller +Acked-by: Kyle McMartin +Cc: James E.J. Bottomley +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/parisc/led.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/parisc/led.c ++++ b/drivers/parisc/led.c +@@ -182,16 +182,18 @@ static int led_proc_read(char *page, cha + static int led_proc_write(struct file *file, const char *buf, + unsigned long count, void *data) + { +- char *cur, lbuf[count + 1]; ++ char *cur, lbuf[32]; + int d; + + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + +- memset(lbuf, 0, count + 1); ++ if (count >= sizeof(lbuf)) ++ count = sizeof(lbuf)-1; + + if (copy_from_user(lbuf, buf, count)) + return -EFAULT; ++ lbuf[count] = 0; + + cur = lbuf; + diff --git a/queue-2.6.27/series b/queue-2.6.27/series index e69de29bb2d..323477b7103 100644 --- a/queue-2.6.27/series +++ b/queue-2.6.27/series @@ -0,0 +1 @@ +parisc-led.c-fix-potential-stack-overflow-in-led_proc_write.patch