Re: CVE-2009-2584

From: Michael Buesch
Date: Thu Nov 05 2009 - 12:47:48 EST

Next message: Valdis . Kletnieks: "2.6.32-rc5-mmotm1101 - unkillable processes stuck in futex."
Previous message: Trond Myklebust: "Re: regression, bisected: getcwd() ENOENT on NFS4..."
In reply to: Linus Torvalds: "Re: CVE-2009-2584"
Next in thread: Jack Steiner: "Re: CVE-2009-2584"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday 05 November 2009 18:38:21 Linus Torvalds wrote:
> @@ -161,14 +161,15 @@ static int options_show(struct seq_file *s, void *p)
> static ssize_t options_write(struct file *file, const char __user *userbuf,
> size_t count, loff_t *data)
> {
> - unsigned long val;
> - char buf[80];
> + char buf[16];
>
> - if (strncpy_from_user(buf, userbuf, sizeof(buf) - 1) < 0)
> + if (count >= sizeof(buf))
> + return -EINVAL;
> + if (copy_from_user(buf, userbuf, count))
> return -EFAULT;
> - buf[count - 1] = '\0';
> - if (!strict_strtoul(buf, 10, &val))
> - gru_options = val;
> + buf[count] = '\0';
> + if (strict_strtoul(buf, 0, &gru_options))
> + return -EINVAL;
>
> return count;
> }
>
>

Looks OK to me. I can't test it however, as I don't own the hardware.

--
Greetings, Michael.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis . Kletnieks: "2.6.32-rc5-mmotm1101 - unkillable processes stuck in futex."
Previous message: Trond Myklebust: "Re: regression, bisected: getcwd() ENOENT on NFS4..."
In reply to: Linus Torvalds: "Re: CVE-2009-2584"
Next in thread: Jack Steiner: "Re: CVE-2009-2584"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]