All of lore.kernel.org
 help / color / mirror / Atom feed
* kexec buffer overflow on ppc platform
@ 2008-01-31  9:25 Stefan Assmann
  2008-02-19  6:03 ` Simon Horman
  0 siblings, 1 reply; 2+ messages in thread
From: Stefan Assmann @ 2008-01-31  9:25 UTC (permalink / raw)
  To: kexec

[-- Attachment #1: Type: text/plain, Size: 245 bytes --]

Hi,

this patch fixes a buffer overflow on ppc.

    Stefan

-- 
Stefan Assmann          | SUSE LINUX Products GmbH
Software Engineer       | Maxfeldstr. 5, D-90409 Nuernberg
Mail : sassmann@suse.de | GF: Markus Rex, HRB 16746 (AG Nuernberg)




[-- Attachment #2: kexec-tools.fread-buffer-overflow.patch --]
[-- Type: text/x-patch, Size: 1535 bytes --]

This patch fixes buffer overflows when buf is allocated MAXBYTES-1 and fread(buf, 1, MAXBYTES, file) is invoked.

Signed-off-by: Stefan Assmann <sassmann@suse.de>
---
 kexec/arch/ppc64/crashdump-ppc64.c |    2 +-
 kexec/arch/ppc64/kexec-ppc64.c     |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

Index: b/kexec/arch/ppc64/kexec-ppc64.c
===================================================================
--- a/kexec/arch/ppc64/kexec-ppc64.c
+++ b/kexec/arch/ppc64/kexec-ppc64.c
@@ -160,7 +160,7 @@ static int get_base_ranges(void)
 	int local_memory_ranges = 0;
 	char device_tree[256] = "/proc/device-tree/";
 	char fname[256];
-	char buf[MAXBYTES-1];
+	char buf[MAXBYTES];
 	DIR *dir, *dmem;
 	FILE *file;
 	struct dirent *dentry, *mentry;
@@ -258,7 +258,7 @@ static int get_devtree_details(unsigned
 	unsigned long long htab_base, htab_size;
 	unsigned long long kernel_end;
 	unsigned long long initrd_start, initrd_end;
-	char buf[MAXBYTES-1];
+	char buf[MAXBYTES];
 	char device_tree[256] = "/proc/device-tree/";
 	char fname[256];
 	DIR *dir, *cdir;
Index: b/kexec/arch/ppc64/crashdump-ppc64.c
===================================================================
--- a/kexec/arch/ppc64/crashdump-ppc64.c
+++ b/kexec/arch/ppc64/crashdump-ppc64.c
@@ -101,7 +101,7 @@ static int get_crash_memory_ranges(struc
 	int memory_ranges = 0;
 	char device_tree[256] = "/proc/device-tree/";
 	char fname[256];
-	char buf[MAXBYTES-1];
+	char buf[MAXBYTES];
 	DIR *dir, *dmem;
 	FILE *file;
 	struct dirent *dentry, *mentry;



[-- Attachment #3: Type: text/plain, Size: 143 bytes --]

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-02-19  6:03 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-01-31  9:25 kexec buffer overflow on ppc platform Stefan Assmann
2008-02-19  6:03 ` Simon Horman

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.