mm/backing-dev.c: check user buffer length before copying data to the related user buffer
'*lenp' may be less than "sizeof(kbuf)" so we must check this before the next copy_to_user(). pdflush_proc_obsolete() is called by sysctl which 'procname' is "nr_pdflush_threads", if the user passes buffer length less than "sizeof(kbuf)", it will cause issue. Signed-off-by: Chen Gang <gang.chen@asianux.com> Reviewed-by: Jan Kara <jack@suse.cz> Cc: Tejun Heo <tj@kernel.org> Cc: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
1ecfd533f4
commit
4c3bffc272
|
@ -652,7 +652,7 @@ int pdflush_proc_obsolete(struct ctl_table *table, int write,
|
|||
{
|
||||
char kbuf[] = "0\n";
|
||||
|
||||
if (*ppos) {
|
||||
if (*ppos || *lenp < sizeof(kbuf)) {
|
||||
*lenp = 0;
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue