From: Adam B. Jerome Date: Wed, 12 Jul 2006 16:03:07 +0000 (-0700) Subject: [PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user() X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=0635170b544b01b46a81b4ac5cff5020ab59d1fc;p=openwrt%2Fstaging%2Fblogic.git [PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user() Address a potential 'larger than buffer size' memory access by clear_user(). Without this patch, this call to clear_user() can attempt to clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by read_kcore(). Signed-off-by: Adam B. Jerome Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index 8d6d85d7400f..6a984f64edd7 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c @@ -382,7 +382,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) */ if (n) { if (clear_user(buffer + tsz - n, - tsz - n)) + n)) return -EFAULT; } } else {