summaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
authorChris Wright <chrisw@sous-sol.org>2007-06-07 14:23:05 -0700
committerChris Wright <chrisw@sous-sol.org>2007-06-07 14:23:05 -0700
commit6a5357887e4ebfd9c0f472cffc58bcdf426f4cad (patch)
tree6231c0720c2c2fe5a2b9d75335508314c08dbf86 /kernel
parentf5939fcd7378c7a26cc8101dff373c90d269d769 (diff)
[PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)
Use simple_read_from_buffer to avoid possible underflow in cpuset_tasks_read which could allow user to read kernel memory. Note: This is fixed upstream in 85badbdf5120d246ce2bb3f1a7689a805f9c9006 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/cpuset.c7
1 files changed, 1 insertions, 6 deletions
diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index 6b05dc69c959..5074f7d4c811 100644
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -1751,12 +1751,7 @@ static ssize_t cpuset_tasks_read(struct file *file, char __user *buf,
{
struct ctr_struct *ctr = file->private_data;
- if (*ppos + nbytes > ctr->bufsz)
- nbytes = ctr->bufsz - *ppos;
- if (copy_to_user(buf, ctr->buf + *ppos, nbytes))
- return -EFAULT;
- *ppos += nbytes;
- return nbytes;
+ return simple_read_from_buffer(buf, nbytes, ppos, ctr->buf, ctr->bufsz);
}
static int cpuset_tasks_release(struct inode *unused_inode, struct file *file)