[PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need reallyuse the default value just as it has already said.

From: Chen Gang
Date: Wed May 29 2013 - 22:36:35 EST

Next message: joeyli: "Re: [regression, bisected] x86: efi: Pass boot services variableinfo to runtime code"
Previous message: Libo Chen: "Re: [PATCH RESEND] scsi: megaraid: check kzalloc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When "strlen(s) > MAX_ROOT_LEN", it has already said to use the default
value, but in fact, it still use the input value.

If happens, next sprintf() for 'fname' in simscsi_queuecommand_lck()
may be memory overflow.

Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx>
---
arch/ia64/hp/sim/simscsi.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/ia64/hp/sim/simscsi.c b/arch/ia64/hp/sim/simscsi.c
index 331de72..3a428f1 100644
--- a/arch/ia64/hp/sim/simscsi.c
+++ b/arch/ia64/hp/sim/simscsi.c
@@ -88,8 +88,8 @@ simscsi_setup (char *s)
if (strlen(s) > MAX_ROOT_LEN) {
printk(KERN_ERR "simscsi_setup: prefix too long---using default %s\n",
simscsi_root);
- }
- simscsi_root = s;
+ } else
+ simscsi_root = s;
return 1;
}

--
1.7.7.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: joeyli: "Re: [regression, bisected] x86: efi: Pass boot services variableinfo to runtime code"
Previous message: Libo Chen: "Re: [PATCH RESEND] scsi: megaraid: check kzalloc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]