[PATCH 001/001] /fs/proc/: 'larger than buffer size' memoryaccesses by clear_user()

From: Adam Jerome
Date: Mon Jul 10 2006 - 11:36:02 EST


From: Adam B. Jerome <abj@xxxxxxxxxx>

This patch addresses potential 'larger than buffer size' memory accesses by clear_user().
Without this patch, this call to clear_user() can attempt to clear too many (tsz) bytes
resulting in a wrong (-EFAULT) return code by read_kcore().
Signed-off-by: Adam B. Jerome <abj@xxxxxxxxxx>
---

I do not subscribe to the list. Please CC posted answers/comments CC me <abj@xxxxxxxxxx>.
Thanks; -adam

diff -urpN linux-2.6-git/fs/proc/kcore.c linux-2.6-cur/fs/proc/kcore.c
--- linux-2.6-git/fs/proc/kcore.c 2006-07-07 15:39:23.000000000 -0600
+++ linux-2.6-cur/fs/proc/kcore.c 2006-07-07 16:11:58.000000000 -0600
@@ -384,7 +384,7 @@ read_kcore(struct file *file, char __use
*/
if (n) {
if (clear_user(buffer + tsz - n,
- tsz - n))
+ n))
return -EFAULT;
}
} else {



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/