Hi,
A range check is missing in acpi_system_write_sleep() in kernel
2.4, and writing a large integer value to /proc/acpi/sleep will cause
an oops. I could reproduce one this way:
# echo 0x800000 >/proc/acpi/sleep
Fix extracted from the PaX patch.
Cheers,
Willy
---
drivers/acpi/system.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
3cae76269fd00aa352255d872c8f461472ef8b56
diff --git a/drivers/acpi/system.c b/drivers/acpi/system.c
index a1e018c..26f7b68 100644
--- a/drivers/acpi/system.c
+++ b/drivers/acpi/system.c
@@ -748,7 +748,7 @@ acpi_system_write_sleep (
state = simple_strtoul(state_string, NULL, 0);
- if (!system->states[state])
+ if (state >= ACPI_S_STATE_COUNT || !system->states[state])
return_VALUE(-ENODEV);
/*
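Review bot: On the `+` line, `state >= ACPI_S_STATE_COUNT` bounds the `system->states[state]` index only if `state` is an unsigned type. Its declaration is outside this hunk, so please confirm the type, or compare through an explicit unsigned cast: a signed `state` assigned from `simple_strtoul()` could end up negative, pass the new test and still index before the array. The ordering of the two conditions is right, since the bound is evaluated before the array read. A smaller point: an out-of-range value now shares `-ENODEV` with an unsupported state, and `-EINVAL` would let callers tell a malformed write from a state the platform lacks.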
--
1.3.3