[PATCH] Staging: unisys: virthba: Fix variable length array

Ken Cox jkc at redhat.com
Fri Mar 7 16:29:40 UTC 2014


On 03/07/2014 10:02 AM, Greg KH wrote:
> On Fri, Mar 07, 2014 at 07:10:57AM -0600, Ken Cox wrote:
>> A character array was declared on the stack with variable length.  This has
>> been corrected to use a fixed length.
>>
>> Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
>> Signed-off-by: Ken Cox <jkc at redhat.com>
>> ---
>>   drivers/staging/unisys/virthba/virthba.c | 7 ++++++-
>>   1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/unisys/virthba/virthba.c b/drivers/staging/unisys/virthba/virthba.c
>> index c292293..3820c57 100644
>> --- a/drivers/staging/unisys/virthba/virthba.c
>> +++ b/drivers/staging/unisys/virthba/virthba.c
>> @@ -1439,12 +1439,17 @@ static ssize_t
>>   enable_ints_write(struct file *file, const char __user *buffer,
>>   		  size_t count, loff_t *ppos)
>>   {
>> -	char buf[count + 1];
>> +	char buf[4];
>>   	int i, new_value;
>>   	struct virthba_info *virthbainfo;
>>   	U64 *Features_addr;
>>   	U64 mask;
>>   
>> +	if (count > 2) {
>> +		LOGERR("invalid  count<<%lu>>\n", count);
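Review bot: the `count > 2` limit in the new check is a bare constant with no visible tie to the `char buf[4]` declared above it. Derive the bound from the buffer, for example `if (count >= sizeof(buf))`, or use one named constant for both, so the array size and the limit cannot drift apart and the room left for the terminating NUL is explicit. Separately, `count` is a `size_t`, so `%lu` in the LOGERR format string is the wrong specifier on 32-bit builds; `%zu` is the matching one if any message is kept.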
> Nice, a simple way to DoS the syslog from any user :)
>
> Don't even log this, you are going to be ripping all of those macros out
> eventually, so don't add new ones...
Good point.  Revised patch coming.

