diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2006-03-31 15:37:06 -0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2006-04-07 09:44:26 -0700 |
commit | 4a80b29d91bc7a598a7d65b2500493a9fc3cb322 (patch) | |
tree | c8c0bfc0eea6722d3dcbb22001fcc7fd300614fc | |
parent | 91011e696c0483c778a1c07a77eb92d0d95aed7c (diff) |
[PATCH] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)
No one should be writing a PAGE_SIZE worth of data to a normal sysfs
file, so properly terminate the buffer.
Thanks to Al Viro for pointing out my stupidity here.
CVE-2006-1055 has been assigned for this.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/sysfs/file.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c index d0e3d8495165..2ecc58cc368a 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -183,7 +183,7 @@ fill_write_buffer(struct sysfs_buffer * buffer, const char __user * buf, size_t return -ENOMEM; if (count >= PAGE_SIZE) - count = PAGE_SIZE; + count = PAGE_SIZE - 1; error = copy_from_user(buffer->page,buf,count); buffer->needs_read_fill = 1; return error ? -EFAULT : count; |