From: Chen Gang Date: Mon, 22 Apr 2013 17:12:54 +0000 (+0000) Subject: powerpc/pseries/lparcfg: Fix possible overflow are more than 1026 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=5676005acf26ab7e924a8438ea4746e47d405762;p=openwrt%2Fstaging%2Fblogic.git powerpc/pseries/lparcfg: Fix possible overflow are more than 1026 need set '\0' for 'local_buffer'. SPLPAR_MAXLENGTH is 1026, RTAS_DATA_BUF_SIZE is 4096. so the contents of rtas_data_buf may truncated in memcpy. if contents are really truncated. the splpar_strlen is more than 1026. the next while loop checking will not find the end of buffer. that will cause memory access violation. Signed-off-by: Chen Gang Signed-off-by: Benjamin Herrenschmidt --- diff --git a/arch/powerpc/kernel/lparcfg.c b/arch/powerpc/kernel/lparcfg.c index f5725bce9ed2..ab297f492c67 100644 --- a/arch/powerpc/kernel/lparcfg.c +++ b/arch/powerpc/kernel/lparcfg.c @@ -301,6 +301,7 @@ static void parse_system_parameter_string(struct seq_file *m) __pa(rtas_data_buf), RTAS_DATA_BUF_SIZE); memcpy(local_buffer, rtas_data_buf, SPLPAR_MAXLENGTH); + local_buffer[SPLPAR_MAXLENGTH - 1] = '\0'; spin_unlock(&rtas_data_buf_lock); if (call_status != 0) {