[PATCH] PCI Hotplug core bugfix

Greg KH (greg@kroah.com)
Mon, 19 Nov 2001 22:19:03 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Joe: "Re: 2.4.14 cpia driver IS broke"
Previous message: H. Peter Anvin: "Re: Linux can use a mountpoint for 2 Filesystems"

Hi,

Here's a patch against 2.4.15-pre7 that fixes a potential overflow
problem in the PCI Hotplug core code. Thanks to Andrew Morton for
pointing this out to me.

thanks,

greg k-h

diff --minimal -Nru a/drivers/hotplug/pci_hotplug_core.c b/drivers/hotplug/pci_hotplug_core.c
--- a/drivers/hotplug/pci_hotplug_core.c Mon Nov 19 20:55:21 2001
+++ b/drivers/hotplug/pci_hotplug_core.c Mon Nov 19 20:55:21 2001
@@ -622,7 +622,7 @@
static ssize_t power_write_file (struct file *file, const char *ubuff, size_t count, loff_t *offset)
{
struct hotplug_slot *slot = file->private_data;
- const char *buff;
+ char *buff;
unsigned long lpower;
u8 power;
int retval = 0;
@@ -639,10 +639,11 @@
return -ENODEV;
}

- buff = kmalloc (count, GFP_KERNEL);
+ buff = kmalloc (count + 1, GFP_KERNEL);
if (!buff)
return -ENOMEM;
-
+ memset (buff, 0x00, count + 1);
+
if (copy_from_user ((void *)buff, (void *)ubuff, count)) {
retval = -EFAULT;
goto exit;
@@ -732,7 +733,7 @@
static ssize_t attention_write_file (struct file *file, const char *ubuff, size_t count, loff_t *offset)
{
struct hotplug_slot *slot = file->private_data;
- const char *buff;
+ char *buff;
unsigned long lattention;
u8 attention;
int retval = 0;
@@ -749,9 +750,10 @@
return -ENODEV;
}

- buff = kmalloc (count, GFP_KERNEL);
+ buff = kmalloc (count + 1, GFP_KERNEL);
if (!buff)
return -ENOMEM;
+ memset (buff, 0x00, count + 1);

if (copy_from_user ((void *)buff, (void *)ubuff, count)) {
retval = -EFAULT;
@@ -868,7 +870,7 @@
static ssize_t test_write_file (struct file *file, const char *ubuff, size_t count, loff_t *offset)
{
struct hotplug_slot *slot = file->private_data;
- const char *buff;
+ char *buff;
unsigned long ltest;
u32 test;
int retval = 0;
@@ -885,9 +887,10 @@
return -ENODEV;
}

- buff = kmalloc (count, GFP_KERNEL);
+ buff = kmalloc (count + 1, GFP_KERNEL);
if (!buff)
return -ENOMEM;
+ memset (buff, 0x00, count + 1);

if (copy_from_user ((void *)buff, (void *)ubuff, count)) {
retval = -EFAULT;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joe: "Re: 2.4.14 cpia driver IS broke"
Previous message: H. Peter Anvin: "Re: Linux can use a mountpoint for 2 Filesystems"