qla_os.c causes proc_file_read: Apparent buffer overflow.

In qlaxxx/qla_os.c, the copy_mem_info function can cause proc_file_read
to produce an "Apparent buffer overflow" error.

For illustration, let's assume we enter with

info->offset = 0
info->len = PAGE_SIZE (16384 on ia64 where I am seeing this)
info->pos = 0

We pass in a data buffer that is 16386 bytes long.

As a result, the first len check in copy_mem_info will restrict len to
16384.  At the end of copy, info->buffer += len will point info->buffer
at the first byte of the next page.

When the qla2x00_proc_info read function returns to proc_file_read it
will check start >= page + PAGE_SIZE in the else case on fs/proc/generic.c
line 158, and produce a warning.

I am not sure what the correct fix is for this.  Any guidance would
be appreciated.

Thanks,
Robin Holt
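
The boundary case described in the message, as an added user-space model (not code from the original message, the qla driver, or fs/proc/generic.c). The struct, the function names and the clamp logic are hypothetical simplifications built only from the description above; the model assumes the advanced buffer cursor is the value compared as `start`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 16384 /* ia64 PAGE_SIZE quoted in the message */

/* Hypothetical stand-in for the driver's bookkeeping; field names follow the message. */
struct model_info {
    char *buffer;  /* write cursor inside the proc page */
    size_t len;    /* room the reader offered (PAGE_SIZE here) */
    size_t offset; /* requested file offset (0 in the message) */
    size_t pos;    /* bytes produced so far */
};

/* Assumed shape of the copy: clamp len to the room left, copy, advance the cursor. */
static void model_copy_mem_info(struct model_info *info, const char *data, size_t len)
{
    if (info->pos + len > info->len)
        len = info->len - info->pos;   /* 16386 is clamped to 16384 */
    memcpy(info->buffer, data, len);   /* every byte still lands inside the page */
    info->buffer += len;               /* cursor may now equal page + PAGE_SIZE */
    info->pos += len;
}

/* The comparison quoted in the message: start >= page + PAGE_SIZE. */
static int model_overflow_warning(const char *start, const char *page)
{
    return start >= page + MODEL_PAGE_SIZE;
}

/* Returns 1 when a payload of data_len bytes trips the check, 0 otherwise. */
int warning_fires(size_t data_len)
{
    static char page[MODEL_PAGE_SIZE];
    static char data[MODEL_PAGE_SIZE + 2]; /* constructed sample payload */
    struct model_info info = { page, MODEL_PAGE_SIZE, 0, 0 };

    if (data_len > sizeof data)
        data_len = sizeof data;
    model_copy_mem_info(&info, data, data_len);
    return model_overflow_warning(info.buffer, page);
}

int main(void)
{
    printf("16386 bytes: %d, 16383 bytes: %d\n", warning_fires(16386), warning_fires(16383));
    return 0;
}
```

In this model the check fires as soon as a full page is produced, even though the clamp keeps every written byte inside the page: the cursor is one past the end, which `>=` treats as out of range.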