Skip to content

Commit

Permalink
[S390] dasd: fix use after free in dbf
Browse files Browse the repository at this point in the history 
Writing to /proc/dasd/statistics while the debug level of the
generic dasd debug entry is set to DBF_DEBUG will lead to an
use after free when accessing the debug entry later.
Since for the format string "%s" in the s390 dbf only a pointer
to the string is stored in the debug feature and the buffer used
here is freed afterwards.

To fix this just remove the debug message.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
  • Loading branch information
Sebastian Ott authored and Martin Schwidefsky committed Oct 25, 2010
1 parent e05ef9b commit 26cffec
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion drivers/s390/block/dasd_proc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,6 @@ static ssize_t dasd_stats_proc_write(struct file *file,
buffer = dasd_get_user_string(user_buf, user_len);
if (IS_ERR(buffer))
return PTR_ERR(buffer);
DBF_EVENT(DBF_DEBUG, "/proc/dasd/statictics: '%s'\n", buffer);

/* check for valid verbs */
str = skip_spaces(buffer);
Expand Down

0 comments on commit 26cffec

Please sign in to comment.