[PATCH] fix oops on rmmod capidrv

From: Gerd v. Egidy
Date: Thu Jan 24 2008 - 12:08:28 EST

Next message: David Newall: "Re: [PATCH for mm] Remove iBCS support"
Previous message: David Newall: "Re: [PATCH for mm] Remove iBCS support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I think the patch below fixes a long-standing bug on rmmod capidrv. Please
apply.

Kind regards,

Gerd

Fix overwriting the stack with the version string
(it is currently 10 bytes + zero) when unloading the
capidrv module. Safeguard against overwriting it
should the version string grow in the future.

Should fix Kernel Bug Tracker Bug 9696.

Signed-off-by: Gerd v. Egidy <gerd.von.egidy@xxxxxxxxxxxxx>

diff -r -u linux-2.6.23.orig/drivers/isdn/capi/capidrv.c
linux-2.6.23/drivers/isdn/capi/capidrv.c
--- linux-2.6.23.orig/drivers/isdn/capi/capidrv.c Tue Oct 9 22:31:38 2007
+++ linux-2.6.23/drivers/isdn/capi/capidrv.c Thu Jan 24 16:47:55 2008
@@ -2306,13 +2306,14 @@

static void __exit capidrv_exit(void)
{
- char rev[10];
+ char rev[32];
char *p;

if ((p = strchr(revision, ':')) != 0) {
- strcpy(rev, p + 1);
- p = strchr(rev, '$');
- *p = 0;
+ strncpy(rev, p + 1, sizeof(rev));
+ rev[sizeof(rev)-1] = 0;
+ if ((p = strchr(rev, '$')) != 0)
+ *p = 0;
} else {
strcpy(rev, " ??? ");
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Newall: "Re: [PATCH for mm] Remove iBCS support"
Previous message: David Newall: "Re: [PATCH for mm] Remove iBCS support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]