From: Stefan Assmann <sassmann@suse.de>
To: kexec@lists.infradead.org
Subject: kexec buffer overflow on ppc platform
Date: Thu, 31 Jan 2008 10:25:25 +0100 [thread overview]
Message-ID: <47A19405.7080109@suse.de> (raw)
[-- Attachment #1: Type: text/plain, Size: 245 bytes --]
Hi,
this patch fixes a buffer overflow on ppc.
Stefan
--
Stefan Assmann | SUSE LINUX Products GmbH
Software Engineer | Maxfeldstr. 5, D-90409 Nuernberg
Mail : sassmann@suse.de | GF: Markus Rex, HRB 16746 (AG Nuernberg)
[-- Attachment #2: kexec-tools.fread-buffer-overflow.patch --]
[-- Type: text/x-patch, Size: 1535 bytes --]
This patch fixes buffer overflows when buf is allocated MAXBYTES-1 and fread(buf, 1, MAXBYTES, file) is invoked.
Signed-off-by: Stefan Assmann <sassmann@suse.de>
---
kexec/arch/ppc64/crashdump-ppc64.c | 2 +-
kexec/arch/ppc64/kexec-ppc64.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
Index: b/kexec/arch/ppc64/kexec-ppc64.c
===================================================================
--- a/kexec/arch/ppc64/kexec-ppc64.c
+++ b/kexec/arch/ppc64/kexec-ppc64.c
@@ -160,7 +160,7 @@ static int get_base_ranges(void)
int local_memory_ranges = 0;
char device_tree[256] = "/proc/device-tree/";
char fname[256];
- char buf[MAXBYTES-1];
+ char buf[MAXBYTES];
DIR *dir, *dmem;
FILE *file;
struct dirent *dentry, *mentry;
@@ -258,7 +258,7 @@ static int get_devtree_details(unsigned
unsigned long long htab_base, htab_size;
unsigned long long kernel_end;
unsigned long long initrd_start, initrd_end;
- char buf[MAXBYTES-1];
+ char buf[MAXBYTES];
char device_tree[256] = "/proc/device-tree/";
char fname[256];
DIR *dir, *cdir;
Index: b/kexec/arch/ppc64/crashdump-ppc64.c
===================================================================
--- a/kexec/arch/ppc64/crashdump-ppc64.c
+++ b/kexec/arch/ppc64/crashdump-ppc64.c
@@ -101,7 +101,7 @@ static int get_crash_memory_ranges(struc
int memory_ranges = 0;
char device_tree[256] = "/proc/device-tree/";
char fname[256];
- char buf[MAXBYTES-1];
+ char buf[MAXBYTES];
DIR *dir, *dmem;
FILE *file;
struct dirent *dentry, *mentry;
[-- Attachment #3: Type: text/plain, Size: 143 bytes --]
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next reply other threads:[~2008-01-31 9:25 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-31 9:25 Stefan Assmann [this message]
2008-02-19 6:03 ` kexec buffer overflow on ppc platform Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47A19405.7080109@suse.de \
--to=sassmann@suse.de \
--cc=kexec@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox