summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorAdam B. Jerome <abj@novell.com>2006-07-12 18:03:07 +0200
committerLinus Torvalds <torvalds@g5.osdl.org>2006-07-12 21:52:55 +0200
commit0635170b544b01b46a81b4ac5cff5020ab59d1fc (patch)
tree743144ec50b98b1b16df6dfe1448584b946aae2e /fs
parent[PATCH] lockdep: annotate the sysfs i_mutex to be a separate class (diff)
downloadlinux-0635170b544b01b46a81b4ac5cff5020ab59d1fc.tar.xz
linux-0635170b544b01b46a81b4ac5cff5020ab59d1fc.zip
[PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user()
Address a potential 'larger than buffer size' memory access by clear_user(). Without this patch, this call to clear_user() can attempt to clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by read_kcore(). Signed-off-by: Adam B. Jerome <abj@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/proc/kcore.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 8d6d85d7400f..6a984f64edd7 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -382,7 +382,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
*/
if (n) {
if (clear_user(buffer + tsz - n,
- tsz - n))
+ n))
return -EFAULT;
}
} else {