Forgive me if I guess wrongly, but patch-2.4.5.log says of -pre3:
- Al Viro: sanity-check user arguments, zero-terminated strings etc.
from which I assume you made the proc_scsi_gen_write() mod below.
I'm not sure what it ought to say instead, but I believe the "else"
case is wrong: buffer[length] is in that case buffer[PAGE_SIZE],
just beyond the end of the page we have allocated.
Hugh
--- v2.4.4/linux/drivers/scsi/scsi.c Wed Apr 25 16:18:54 2001
+++ linux/drivers/scsi/scsi.c Tue May 15 01:29:34 2001
@@ -1572,6 +1572,11 @@
copy_from_user(buffer, buf, length);
err = -EINVAL;
+ if (length < PAGE_SIZE)
+ buffer[length] ='\0';
+ else if (buffer[length])
+ goto out;
+
if (length < 11 || strncmp("scsi", buffer, 4))
goto out;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/