[PATCH 3/5] powerpc/powernv: Check sysfs size before copying
Joel Stanley
joel at jms.id.au
Thu Apr 24 17:25:35 EST 2014
The sysparam code currently uses the userspace supplied number of
bytes when memcpy()ing in to a local 64-byte buffer.
Limit the maximum number of bytes by the size of the buffer.
---
arch/powerpc/platforms/powernv/opal-sysparam.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/powerpc/platforms/powernv/opal-sysparam.c b/arch/powerpc/platforms/powernv/opal-sysparam.c
index a363c53..21fdc0a 100644
--- a/arch/powerpc/platforms/powernv/opal-sysparam.c
+++ b/arch/powerpc/platforms/powernv/opal-sysparam.c
@@ -135,6 +135,10 @@ static ssize_t sys_param_store(struct kobject *kobj,
kobj_attr);
ssize_t ret;
+ /* MAX_PARAM_DATA_LEN is sizeof(param_data_buf) */
+ if (count > MAX_PARAM_DATA_LEN)
+ count = MAX_PARAM_DATA_LEN;
+
mutex_lock(&opal_sysparam_mutex);
memcpy(param_data_buf, buf, count);
ret = opal_set_sys_param(attr->param_id, attr->param_size,
--
1.9.1
More information about the Linuxppc-dev
mailing list