openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Staging: silicom: add some range checks to proc functions 

If you tried to cat more than 255 characters (the last character is for
the terminator) to these proc files then it would corrupt kernel memory.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Cotey <puff65537@bansheeslibrary.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Dan Carpenter 2012-09-14 09:56:00 +03:00 committed by Greg Kroah-Hartman
parent a09b027882
commit e4c536b72f
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
drivers/staging/silicom/bp_mod.c
View File

@ -8227,6 +8227,9 @@ set_dis_bypass_pfs(struct file *file, const char *buffer,
int bypass_param = 0, length = 0;
if (count >= sizeof(kbuf))
return -EINVAL;
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
@ -8256,6 +8259,9 @@ set_dis_tap_pfs(struct file *file, const char *buffer,
int tap_param = 0, length = 0;
if (count >= sizeof(kbuf))
return -EINVAL;
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
@ -8285,6 +8291,9 @@ set_dis_disc_pfs(struct file *file, const char *buffer,
int tap_param = 0, length = 0;
if (count >= sizeof(kbuf))
return -EINVAL;
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
@ -8374,6 +8383,9 @@ set_bypass_pwup_pfs(struct file *file, const char *buffer,
int bypass_param = 0, length = 0;
if (count >= sizeof(kbuf))
return -EINVAL;
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
@ -8403,6 +8415,9 @@ set_bypass_pwoff_pfs(struct file *file, const char *buffer,
int bypass_param = 0, length = 0;
if (count >= sizeof(kbuf))
return -EINVAL;
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
@ -8432,6 +8447,9 @@ set_tap_pwup_pfs(struct file *file, const char *buffer,
int tap_param = 0, length = 0;
if (count >= sizeof(kbuf))
return -EINVAL;
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
@ -8461,6 +8479,9 @@ set_disc_pwup_pfs(struct file *file, const char *buffer,
int tap_param = 0, length = 0;
if (count >= sizeof(kbuf))
return -EINVAL;
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
@ -8570,6 +8591,9 @@ set_std_nic_pfs(struct file *file, const char *buffer,
int bypass_param = 0, length = 0;
if (count >= sizeof(kbuf))
return -EINVAL;
if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}