Skip to content

Commit

Permalink
Staging: silicom: add some range checks to proc functions
Browse files Browse the repository at this point in the history 
If you tried to cat more than 255 characters (the last character is for
the terminator) to these proc files then it would corrupt kernel memory.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Cotey <puff65537@bansheeslibrary.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
Dan Carpenter authored and Greg Kroah-Hartman committed Sep 17, 2012
1 parent a09b027 commit e4c536b
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions drivers/staging/silicom/bp_mod.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8227,6 +8227,9 @@ set_dis_bypass_pfs(struct file *file, const char *buffer,

int bypass_param = 0, length = 0;

if (count >= sizeof(kbuf))
return -EINVAL;

if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
Expand Down Expand Up @@ -8256,6 +8259,9 @@ set_dis_tap_pfs(struct file *file, const char *buffer,

int tap_param = 0, length = 0;

if (count >= sizeof(kbuf))
return -EINVAL;

if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
Expand Down Expand Up @@ -8285,6 +8291,9 @@ set_dis_disc_pfs(struct file *file, const char *buffer,

int tap_param = 0, length = 0;

if (count >= sizeof(kbuf))
return -EINVAL;

if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
Expand Down Expand Up @@ -8374,6 +8383,9 @@ set_bypass_pwup_pfs(struct file *file, const char *buffer,

int bypass_param = 0, length = 0;

if (count >= sizeof(kbuf))
return -EINVAL;

if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
Expand Down Expand Up @@ -8403,6 +8415,9 @@ set_bypass_pwoff_pfs(struct file *file, const char *buffer,

int bypass_param = 0, length = 0;

if (count >= sizeof(kbuf))
return -EINVAL;

if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
Expand Down Expand Up @@ -8432,6 +8447,9 @@ set_tap_pwup_pfs(struct file *file, const char *buffer,

int tap_param = 0, length = 0;

if (count >= sizeof(kbuf))
return -EINVAL;

if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
Expand Down Expand Up @@ -8461,6 +8479,9 @@ set_disc_pwup_pfs(struct file *file, const char *buffer,

int tap_param = 0, length = 0;

if (count >= sizeof(kbuf))
return -EINVAL;

if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
Expand Down Expand Up @@ -8570,6 +8591,9 @@ set_std_nic_pfs(struct file *file, const char *buffer,

int bypass_param = 0, length = 0;

if (count >= sizeof(kbuf))
return -EINVAL;

if (copy_from_user(&kbuf, buffer, count)) {
return -1;
}
Expand Down

0 comments on commit e4c536b

Please sign in to comment.