On Fri, Mar 07, 2014 at 07:10:57AM -0600, Ken Cox wrote:
> A character array was declared on the stack with variable length. This has
> been corrected to use a fixed length.
>
> Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
> Signed-off-by: Ken Cox <j...@redhat.com>
> ---
> drivers/staging/unisys/virthba/virthba.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/staging/unisys/virthba/virthba.c
> b/drivers/staging/unisys/virthba/virthba.c
> index c292293..3820c57 100644
> --- a/drivers/staging/unisys/virthba/virthba.c
> +++ b/drivers/staging/unisys/virthba/virthba.c
> @@ -1439,12 +1439,17 @@ static ssize_t
> enable_ints_write(struct file *file, const char __user *buffer,
> size_t count, loff_t *ppos)
> {
> - char buf[count + 1];
> + char buf[4];
> int i, new_value;
> struct virthba_info *virthbainfo;
> U64 *Features_addr;
> U64 mask;
>
> + if (count > 2) {
> + LOGERR("invalid count<<%lu>>\n", count);
Nice, a simple way to DoS the syslog from any user :)
Don't even log this, you are going to be ripping all of those macros out
eventually, so don't add new ones...
thanks,
greg k-h
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
