summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorMiao Xie <miaox@cn.fujitsu.com>2007-11-21 14:55:19 -0800
committerGreg Kroah-Hartman <gregkh@suse.de>2007-11-28 13:53:53 -0800
commit8118a859dc7abd873193986c77a8d9bdb877adc8 (patch)
tree6b66719637ba2b4174c126cb751a090de0536269 /security
parent71409a498e96a421bdc20e7275ebc4fab8b14cdc (diff)
sysfs: fix off-by-one error in fill_read_buffer()
I found that there is a off-by-one problem in the following code. Version: 2.6.24-rc2 File: fs/sysfs/file.c:118-122 Function: fill_read_buffer -------------------------------------------------------------------- count = ops->show(kobj, attr_sd->s_attr.attr, buffer->page); sysfs_put_active_two(attr_sd); BUG_ON(count > (ssize_t)PAGE_SIZE); -------------------------------------------------------------------- Because according to the specification of the sysfs and the implement of the show methods, the show methods return the number of bytes which would be generated for the given input, excluding the trailing null.So if the return value of the show methods equals PAGE_SIZE - 1, the buffer is full in fact. And if the return value equals PAGE_SIZE, the resulting string was already truncated,or buffer overflow occurred. This patch fixes an off-by-one error in fill_read_buffer. Signed-off-by: Miao Xie <miaox@cn.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Tejun Heo <teheo@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions