[PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need really use the default value just as it has already said.

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need really use the default value just as it has already said.
@ 2013-05-30  2:35 ` Chen Gang
  0 siblings, 0 replies; 2+ messages in thread
From: Chen Gang @ 2013-05-30  2:35 UTC (permalink / raw)
  To: tony.luck, fenghua.yu
  Cc: linux-ia64, linux-kernel@vger.kernel.org, Linux-Arch

When "strlen(s) > MAX_ROOT_LEN", it has already said to use the default
value, but in fact, it still use the input value.

If happens, next sprintf() for 'fname' in simscsi_queuecommand_lck()
may be memory overflow.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
 arch/ia64/hp/sim/simscsi.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/ia64/hp/sim/simscsi.c b/arch/ia64/hp/sim/simscsi.c
index 331de72..3a428f1 100644
--- a/arch/ia64/hp/sim/simscsi.c
+++ b/arch/ia64/hp/sim/simscsi.c
@@ -88,8 +88,8 @@ simscsi_setup (char *s)
 	if (strlen(s) > MAX_ROOT_LEN) {
 		printk(KERN_ERR "simscsi_setup: prefix too long---using default %s\n",
 		       simscsi_root);
-	}
-	simscsi_root = s;
+	} else
+		simscsi_root = s;
 	return 1;
 }

-- 
1.7.7.6

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need really use the default value just as it
@ 2013-05-30  2:35 ` Chen Gang
  0 siblings, 0 replies; 2+ messages in thread
From: Chen Gang @ 2013-05-30  2:35 UTC (permalink / raw)
  To: tony.luck, fenghua.yu
  Cc: linux-ia64, linux-kernel@vger.kernel.org, Linux-Arch


When "strlen(s) > MAX_ROOT_LEN", it has already said to use the default
value, but in fact, it still use the input value.

If happens, next sprintf() for 'fname' in simscsi_queuecommand_lck()
may be memory overflow.


Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
 arch/ia64/hp/sim/simscsi.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/ia64/hp/sim/simscsi.c b/arch/ia64/hp/sim/simscsi.c
index 331de72..3a428f1 100644
--- a/arch/ia64/hp/sim/simscsi.c
+++ b/arch/ia64/hp/sim/simscsi.c
@@ -88,8 +88,8 @@ simscsi_setup (char *s)
 	if (strlen(s) > MAX_ROOT_LEN) {
 		printk(KERN_ERR "simscsi_setup: prefix too long---using default %s\n",
 		       simscsi_root);
-	}
-	simscsi_root = s;
+	} else
+		simscsi_root = s;
 	return 1;
 }
 
-- 
1.7.7.6

^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2013-05-30  2:35 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-30  2:35 [PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need really use the default value just as it has already said Chen Gang
2013-05-30  2:35 ` [PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need really use the default value just as it Chen Gang

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.