• R/O
  • HTTP
  • SSH
  • HTTPS

linux-2.4.36: Commit

2.4.36-stable kernel tree


Commit MetaInfo

Revision6ab2cfa4f0a04c11932af701b5437879dd14d8bb (tree)
Zeit2007-11-12 02:43:41
Autordann frazier <dannf@dann...>
CommiterWilly Tarreau

Log Message

[PATCH 3/4] [OpenPROM] Prevent overflow of sprintf buffer

This patch fixes a few potential overflows, originally submitted to 2.5 by
Dave Miller:

Signed-off-by: dann frazier <dannf@hp.com>

Ändern Zusammenfassung

Diff

--- a/fs/openpromfs/inode.c
+++ b/fs/openpromfs/inode.c
@@ -285,24 +285,27 @@ static ssize_t property_read(struct file *filp, char *buf,
285285 k += count;
286286
287287 } else if (op->flag & OPP_HEXSTRING) {
288- char buffer[2];
288+ char buffer[3];
289289
290290 if ((k < i - 1) && (k & 1)) {
291- sprintf (buffer, "%02x", *(op->value + (k >> 1)));
291+ sprintf (buffer, "%02x",
292+ (unsigned char) *(op->value + (k >> 1)) & 0xff);
292293 if (put_user(buffer[1], &buf[k++ - pos]))
293294 return -EFAULT;
294295 count--;
295296 }
296297
297298 for (; (count > 1) && (k < i - 1); k += 2) {
298- sprintf (buffer, "%02x", *(op->value + (k >> 1)));
299+ sprintf (buffer, "%02x",
300+ (unsigned char) *(op->value + (k >> 1)) & 0xff);
299301 if (copy_to_user (buf + k - pos, buffer, 2))
300302 return -EFAULT;
301303 count -= 2;
302304 }
303305
304306 if (count && (k < i - 1)) {
305- sprintf (buffer, "%02x", *(op->value + (k >> 1)));
307+ sprintf (buffer, "%02x",
308+ (unsigned char) *(op->value + (k >> 1)) & 0xff);
306309 if (put_user(buffer[0], &buf[k++ - pos]))
307310 return -EFAULT;
308311 count--;
Show on old repository browser