Subject: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)
Newsgroups: gmane.linux.kernel
Date: 2006-04-04 23:59:47 GMT (3 years, 13 weeks, 1 hour and 17 minutes ago)
No one should be writing a PAGE_SIZE worth of data to a normal sysfs file, so properly terminate the buffer. Thanks to Al Viro for pointing out my stupidity here. CVE-2006-1055 has been assigned for this. Signed-off-by: Greg Kroah-Hartman <gregkh <at> suse.de> --- fs/sysfs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- linux-2.6.16.1.orig/fs/sysfs/file.c +++ linux-2.6.16.1/fs/sysfs/file.c @@ -183,7 +183,7 @@ fill_write_buffer(struct sysfs_buffer * return -ENOMEM; if (count >= PAGE_SIZE) - count = PAGE_SIZE; + count = PAGE_SIZE - 1; error = copy_from_user(buffer->page,buf,count); buffer->needs_read_fill = 1; return error ? -EFAULT : count; --