[patch] mtd: sanity check input

From: Dan Carpenter
Date: Wed Sep 08 2010 - 15:40:32 EST

Next message: Grant Likely: "Re: [MeeGo-Dev][PATCH] Topcliff: Update PCH_SPI driver to 2.6.35"
Previous message: Mauro Carvalho Chehab: "Re: [RESEND][PATCH 0/2] media, mfd: Add timberdale video-in driver"
Next in thread: Artem Bityutskiy: "Re: [patch] mtd: sanity check input"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If "ur_idx" is wrong we could go past the end of the array. The
"ur_idx" comes from root so it's not a huge deal, but adding a sanity
check makes the code more robust.

Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>

diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
index a825002..9c00549 100644
--- a/drivers/mtd/mtdchar.c
+++ b/drivers/mtd/mtdchar.c
@@ -513,6 +513,9 @@ static int mtd_ioctl(struct file *file, u_int cmd, u_long arg)
if (get_user(ur_idx, &(ur->regionindex)))
return -EFAULT;

+ if (ur_idx >= mtd->numeraseregions)
+ return -EINVAL;
+
kr = &(mtd->eraseregions[ur_idx]);

if (put_user(kr->offset, &(ur->offset))
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Grant Likely: "Re: [MeeGo-Dev][PATCH] Topcliff: Update PCH_SPI driver to 2.6.35"
Previous message: Mauro Carvalho Chehab: "Re: [RESEND][PATCH 0/2] media, mfd: Add timberdale video-in driver"
Next in thread: Artem Bityutskiy: "Re: [patch] mtd: sanity check input"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]