2.4.36-stable kernel tree
Revision | 27cd4ebe6d1443a74234f05f87b91b2b2f8878a1 (tree) |
---|---|
Zeit | 2006-06-21 22:40:43 |
Autor | Willy Tarreau <w@1wt....> |
Commiter | Marcelo Tosatti |
[PATCH] range checking for sleep states sent to /proc/acpi/sleep
A range checking is missing in acpi_system_write_sleep() in kernel
2.4, and writing a large integer value to /proc/acpi/sleep will cause
an oops. I could reproduce one this way :
Fix extracted from the PaX patch.
@@ -748,7 +748,7 @@ acpi_system_write_sleep ( | ||
748 | 748 | |
749 | 749 | state = simple_strtoul(state_string, NULL, 0); |
750 | 750 | |
751 | - if (!system->states[state]) | |
751 | + if (state >= ACPI_S_STATE_COUNT || !system->states[state]) | |
752 | 752 | return_VALUE(-ENODEV); |
753 | 753 | |
754 | 754 | /* |