[PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need really use the default value just as it has already said.

Chen Gang Wed, 29 May 2013 19:36:54 -0700

When "strlen(s) > MAX_ROOT_LEN", it has already said to use the default
value, but in fact, it still use the input value.


If happens, next sprintf() for 'fname' in simscsi_queuecommand_lck()
may be memory overflow.


Signed-off-by: Chen Gang <gang.c...@asianux.com>
---
 arch/ia64/hp/sim/simscsi.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/ia64/hp/sim/simscsi.c b/arch/ia64/hp/sim/simscsi.c
index 331de72..3a428f1 100644
--- a/arch/ia64/hp/sim/simscsi.c
+++ b/arch/ia64/hp/sim/simscsi.c
@@ -88,8 +88,8 @@ simscsi_setup (char *s)
        if (strlen(s) > MAX_ROOT_LEN) {
                printk(KERN_ERR "simscsi_setup: prefix too long---using default 
%s\n",
                       simscsi_root);
-       }
-       simscsi_root = s;
+       } else
+               simscsi_root = s;
        return 1;
 }
 
-- 
1.7.7.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need really use the default value just as it has already said.

Reply via email to