[PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user()

Address a potential 'larger than buffer size' memory access by clear_user(). Without this patch, this call to clear_user() can attempt to clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by read_kcore(). Signed-off-by: Adam B. Jerome <abj@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user()
Address a potential 'larger than buffer size' memory access by clear_user(). Without this patch, this call to clear_user() can attempt to clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by read_kcore(). Signed-off-by: Adam B. Jerome <abj@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
0635170b · Adam B. Jerome · Linus Torvalds · 232ba9db · 0635170b
Commit 0635170b authored Jul 12, 2006 by Adam B. Jerome Committed by Linus Torvalds Jul 12, 2006
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

fs/proc/kcore.c fs/proc/kcore.c +1 -1

No files found.
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -382,7 +382,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
 				 */
 				if (n) { 
 					if (clear_user(buffer + tsz - n,
-								tsz - n))
+								n))
 						return -EFAULT;
 				}
 			} else {