summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
a09b027)
If you tried to cat more than 255 characters (the last character is for
the terminator) to these proc files then it would corrupt kernel memory.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Cotey <puff65537@bansheeslibrary.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
int bypass_param = 0, length = 0;
int bypass_param = 0, length = 0;
+ if (count >= sizeof(kbuf))
+ return -EINVAL;
+
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
int tap_param = 0, length = 0;
int tap_param = 0, length = 0;
+ if (count >= sizeof(kbuf))
+ return -EINVAL;
+
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
int tap_param = 0, length = 0;
int tap_param = 0, length = 0;
+ if (count >= sizeof(kbuf))
+ return -EINVAL;
+
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
int bypass_param = 0, length = 0;
int bypass_param = 0, length = 0;
+ if (count >= sizeof(kbuf))
+ return -EINVAL;
+
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
int bypass_param = 0, length = 0;
int bypass_param = 0, length = 0;
+ if (count >= sizeof(kbuf))
+ return -EINVAL;
+
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
int tap_param = 0, length = 0;
int tap_param = 0, length = 0;
+ if (count >= sizeof(kbuf))
+ return -EINVAL;
+
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
int tap_param = 0, length = 0;
int tap_param = 0, length = 0;
+ if (count >= sizeof(kbuf))
+ return -EINVAL;
+
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
int bypass_param = 0, length = 0;
int bypass_param = 0, length = 0;
+ if (count >= sizeof(kbuf))
+ return -EINVAL;
+
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}