Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

powerpc/powernv: Check sysfs size before copying

The sysparam code currently uses the userspace supplied number of
bytes when memcpy()ing in to a local 64-byte buffer.

Limit the maximum number of bytes by the size of the buffer.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Joel Stanley 11 years ago
parent
b8569d2304
commit
85390378f0
1 changed files with 4 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      arch/powerpc/platforms/powernv/opal-sysparam.c

+ 4 - 0
arch/powerpc/platforms/powernv/opal-sysparam.c
View File 

@@ -135,6 +135,10 @@ static ssize_t sys_param_store(struct kobject *kobj,
 
 			kobj_attr);
 
 	ssize_t ret;
 
 
+        /* MAX_PARAM_DATA_LEN is sizeof(param_data_buf) */
 
+        if (count > MAX_PARAM_DATA_LEN)
 
+                count = MAX_PARAM_DATA_LEN;
 
+
 
 	mutex_lock(&opal_sysparam_mutex);
 
 	memcpy(param_data_buf, buf, count);
 
 	ret = opal_set_sys_param(attr->param_id, attr->param_size,