[PATCH-2.4] range checking for sleep states sent to /proc/acpi/sleep

From: Willy Tarreau
Date: Tue Jun 20 2006 - 18:46:42 EST


Hi,

A range check is missing in acpi_system_write_sleep() in kernel
2.4, and writing a large integer value to /proc/acpi/sleep will cause
an oops. I could reproduce one this way:

# echo 0x800000 >/proc/acpi/sleep

Fix extracted from the PaX patch.

Cheers,
Willy

---

drivers/acpi/system.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

3cae76269fd00aa352255d872c8f461472ef8b56
diff --git a/drivers/acpi/system.c b/drivers/acpi/system.c
index a1e018c..26f7b68 100644
--- a/drivers/acpi/system.c
+++ b/drivers/acpi/system.c
@@ -748,7 +748,7 @@ acpi_system_write_sleep (

state = simple_strtoul(state_string, NULL, 0);

- if (!system->states[state])
+ if (state >= ACPI_S_STATE_COUNT || !system->states[state])
return_VALUE(-ENODEV);

/*
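
Review bot: the added test "state >= ACPI_S_STATE_COUNT" only closes the hole if state is an unsigned type, and its declaration is outside this hunk. If it is signed, a large value returned by simple_strtoul() can become negative on assignment, pass the comparison, and still be used as an index into system->states[]. Please confirm the type, or cast to an unsigned type in the comparison. Two smaller points on the same lines: simple_strtoul() is called with a NULL end pointer, so trailing garbage in state_string is silently accepted, and an out-of-range value returns -ENODEV where -EINVAL would describe the failure more accurately. Neither blocks the fix.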
--
1.3.3
