[PATCH] proc: fix unterminated string
From: Alan Cox
Date: Mon Sep 17 2012 - 06:30:55 EST
From: Alan Cox <alan@xxxxxxxxxxxxxxx>
oom_score_adj_write doesn't terminate the string as it should. Also fix
sched_autogroup_write and other copy/pastes of the bug.
Signed-off-by: Alan Cox <alan@xxxxxxxxxxxxxxx>
Cc: Horses <stable@xxxxxxxxxxxxxxx>
---
fs/proc/base.c | 2 ++
fs/proc/task_mmu.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 21fb230..4d42cf18 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -910,6 +910,7 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf,
err = -EFAULT;
goto out;
}
+ buffer[count] = '\0';
err = kstrtoint(strstrip(buffer), 0, &oom_score_adj);
if (err)
@@ -1192,6 +1193,7 @@ sched_autogroup_write(struct file *file, const char __user *buf,
count = sizeof(buffer) - 1;
if (copy_from_user(buffer, buf, count))
return -EFAULT;
+ buffer[count] = '\0';
err = kstrtoint(strstrip(buffer), 0, &nice);
if (err < 0)
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 79827ce..a1dae68 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -639,6 +639,7 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
count = sizeof(buffer) - 1;
if (copy_from_user(buffer, buf, count))
return -EFAULT;
+ buffer[count] = '\0';
rv = kstrtoint(strstrip(buffer), 10, &type);
if (rv < 0)
return rv;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/