Use the correct size for "name" in register_with_devfs().
During Al Viro's devfs cleanup a few versions ago, this function was
rewritten, and the "name" string added. The 32-byte size is not large
enough to prevent a possible buffer overflow in the sprintf() call,
since the hash cell can have a name up to 128 characters.
[Kevin Corry]
--- diff/drivers/md/dm-ioctl.c 2003-02-26 16:09:42.000000000 +0000
+++ source/drivers/md/dm-ioctl.c 2003-02-26 16:09:52.000000000 +0000
@@ -173,7 +173,7 @@
*/
static int register_with_devfs(struct hash_cell *hc)
{
- char name[32];
+ char name[DM_NAME_LEN + strlen(DM_DIR) + 1];
struct gendisk *disk = dm_disk(hc->md);
sprintf(name, DM_DIR "/%s", hc->name);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Feb 28 2003 - 22:00:36 EST