This patch fixes a rawio buffer overflow:
--- 2.3.36/fs/iobuf.c Tue Oct 26 21:30:50 1999
+++ /tmp/iobuf.c Sat Jan 8 13:22:49 2000
@@ -88,7 +88,8 @@
return 0;
}
- memcpy (maplist, iobuf->maplist, wanted * sizeof(struct page **));
+ memcpy (maplist, iobuf->maplist,
+ iobuf->array_len * sizeof(struct page **));
if (iobuf->array_len > KIO_STATIC_PAGES)
kfree (iobuf->maplist);
This below is an incremental patch against 2.2.14aa1 for 2.2.x rawio
users:
--- 2.2.14aa1/fs/iobuf.c Sat Jan 8 01:32:06 2000
+++ 2.2.14aa2/fs/iobuf.c Sat Jan 8 13:32:52 2000
@@ -103,9 +103,12 @@
maplist = (struct page **) (pagelist + wanted);
bouncelist = pagelist + 2 * wanted;
- memcpy (pagelist, iobuf->pagelist, wanted * sizeof(unsigned long));
- memcpy (maplist, iobuf->maplist, wanted * sizeof(struct page **));
- memcpy (bouncelist, iobuf->bouncelist, wanted * sizeof(unsigned long));
+ memcpy (pagelist, iobuf->pagelist,
+ iobuf->array_len * sizeof(unsigned long));
+ memcpy (maplist, iobuf->maplist,
+ iobuf->array_len * sizeof(struct page **));
+ memcpy (bouncelist, iobuf->bouncelist,
+ iobuf->array_len * sizeof(unsigned long));
if (iobuf->array_len > KIO_STATIC_PAGES)
kfree (iobuf->pagelist);
Andrea
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:12 EST