[PATCH] fix for buffer limit for long in sysctl.c

[Stephane Eranian]

Andrew,

We discovered a bug in the do_proc_doulongvec_minmax() routine.
The buffer is too short by one byte. A 64-bit number expressed 
in decimal uses 20 bytes. The size of the buffer was set to 20. 
The following patch relative to 2.6.7 fixes the problem. For 
consistency reason, a length of 21 is used for both int and 
long parsers.

change-log:
	fix a bug in do_proc_doulongvec_minmax() where the
	the string buffer was too short to parse a 64-bit number
	expressed in decimal. That was causing problems with entries
	in  /proc/sys using long and allowing large number (such as -1)

signed-off-by: Stephane Eranian <eranian@xxxxxxxxxx>

===== kernel/sysctl.c 1.65 vs edited =====
--- 1.65/kernel/sysctl.c        2004-06-16 21:12:21 -07:00
+++ edited/kernel/sysctl.c      2004-07-15 14:38:34 -07:00
@@ -1442,7 +1442,7 @@
                              int write, void *data),
                  void *data)
 {
-#define TMPBUFLEN 20
+#define TMPBUFLEN 21
        int *i, vleft, first=1, neg, val;
        unsigned long lval;
        size_t left, len;
@@ -1682,7 +1682,7 @@
                                     unsigned long convmul,
                                     unsigned long convdiv)
 {
-#define TMPBUFLEN 20
+#define TMPBUFLEN 21
        unsigned long *i, *min, *max, val;
        int vleft, first=1, neg;
        size_t len, left;

-- 

-Stephane
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/