git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 232ba9d)
[PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user()
authorAdam B. Jerome <abj@novell.com>
Wed, 12 Jul 2006 16:03:07 +0000 (09:03 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Wed, 12 Jul 2006 19:52:55 +0000 (12:52 -0700)
Address a potential 'larger than buffer size' memory access by
clear_user().  Without this patch, this call to clear_user() can attempt to
clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by
read_kcore().

Signed-off-by: Adam B. Jerome <abj@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fs/proc/kcore.c patch | blob | history

diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 8d6d85d..6a984f6 100644 (file)
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -382,7 +382,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
                                 */
                                if (n) { 
                                        if (clear_user(buffer + tsz - n,
-                                                               tsz - n))
+                                                               n))
                                                return -EFAULT;
                                }
                        } else {
Pandora Kernel Repository