Re: [PATCH RFC] [5/9] modpost: Fix a buffer overflow in modpost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 22, 2007 at 03:43:10AM +0100, Andi Kleen wrote:
> 
> When passing an file name > 1k the stack could be overflowed.
> Not really a security issue, but still better plugged.

Looks good. A s-o-b line again please.
Although I am not so happy with the ue of gcc extensions.

	Sam
> 
> 
> ---
>  scripts/mod/modpost.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> Index: linux/scripts/mod/modpost.c
> ===================================================================
> --- linux.orig/scripts/mod/modpost.c
> +++ linux/scripts/mod/modpost.c
> @@ -1656,7 +1656,6 @@ int main(int argc, char **argv)
>  {
>  	struct module *mod;
>  	struct buffer buf = { };
> -	char fname[SZ];
>  	char *kernel_read = NULL, *module_read = NULL;
>  	char *dump_write = NULL;
>  	int opt;
> @@ -1709,6 +1708,8 @@ int main(int argc, char **argv)
>  	err = 0;
>  
>  	for (mod = modules; mod; mod = mod->next) {
> +		char fname[strlen(mod->name) + 10];
> +
>  		if (mod->skip)
>  			continue;
>  
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux