public inbox for linux-arch@vger.kernel.org
* [PATCH] arch: ia64: hp: sim: sprintf() memory overflow, need really use the default value just as it has already said.
From: Chen Gang @ 2013-05-30  2:35 UTC (permalink / raw)
  To: tony.luck, fenghua.yu
  Cc: linux-ia64, linux-kernel@vger.kernel.org, Linux-Arch


When "strlen(s) > MAX_ROOT_LEN", it has already said to use the default
value, but in fact, it still uses the input value.

If this happens, the next sprintf() for 'fname' in simscsi_queuecommand_lck()
may overflow memory.


Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
 arch/ia64/hp/sim/simscsi.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/ia64/hp/sim/simscsi.c b/arch/ia64/hp/sim/simscsi.c
index 331de72..3a428f1 100644
--- a/arch/ia64/hp/sim/simscsi.c
+++ b/arch/ia64/hp/sim/simscsi.c
@@ -88,8 +88,8 @@ simscsi_setup (char *s)
 	if (strlen(s) > MAX_ROOT_LEN) {
 		printk(KERN_ERR "simscsi_setup: prefix too long---using default %s\n",
 		       simscsi_root);
-	}
-	simscsi_root = s;
+	} else
+		simscsi_root = s;
 	return 1;
 }
 
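Review bot: the `} else` at the end of simscsi_setup() leaves the else branch unbraced while the if branch is braced; kernel coding style asks for braces on both branches in that case, so write `} else {`, `simscsi_root = s;`, `}`. With that, the assignment is correctly skipped for an over-long prefix, which matches what the printk() already tells the user. Two follow-ups worth raising: the commit message names the sprintf() into 'fname' in simscsi_queuecommand_lck() as the place that overflows, so bounding that call with snprintf() would keep the copy safe even if another path ever sets simscsi_root; and whether `>` is the right boundary against MAX_ROOT_LEN depends on the size of that buffer and the suffix appended to the prefix, neither of which is visible in this hunk, so please state the arithmetic in the changelog.
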
-- 
1.7.7.6
