[PATCH] Block: Fix block/elevator.c elevator_get() off-by-one error

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: wzt.wzt

Subject: [PATCH] Block: Fix block/elevator.c elevator_get() off-by-one error

Date: Tuesday, March 30, 2010 - 2:21 am

elevator_get() not check the name length, if the name length > sizeof(elv),
elv will miss the '\0'. And elv buffer will be replace "-iosched" as something
like aaaaaaaaa, then call request_module() can load an not trust module.

Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>

---
 block/elevator.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/block/elevator.c b/block/elevator.c
index df75676..76e3702 100644
--- a/block/elevator.c
+++ b/block/elevator.c
@@ -154,7 +154,7 @@ static struct elevator_type *elevator_get(const char *name)
 
 		spin_unlock(&elv_list_lock);
 
-		sprintf(elv, "%s-iosched", name);
+		snprintf(elv, sizeof(elv), "%s-iosched", name);
 
 		request_module("%s", elv);
 		spin_lock(&elv_list_lock);
-- 
1.6.5.3

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] Block: Fix block/elevator.c elevator_get() off-by- ..., wzt.wzt, (Tue Mar 30, 2:21 am)

Re: [PATCH] Block: Fix block/elevator.c elevator_get() off ..., Jens Axboe, (Thu Apr 1, 11:40 pm)

Re: [PATCH] Block: Fix block/elevator.c elevator_get() off ..., Xiaotian Feng, (Fri Apr 2, 12:14 am)


linux-kernel:
Andrew Morton	Re: [PATCH] lazy freeing of memory through MADV_FREE 2/2
Peter Zijlstra	Re: [RFC PATCH 1/2] Marker probes in futex.c
Stephen Rothwell	linux-next: manual merge of the block tree with the ext4 tree
Stefan Richter	Re: [RFC PATCH] SCSI: split Kconfig menu into two
Michael S. Tsirkin	Re: [PATCH UPDATED 1/3] vhost: replace vhost_workqueue with per-vhost kthread
git:
Felipe Contreras	Re: [kernel.org users] [RFD] On deprecating "git-foo" for builtins
Johannes Schindelin	[PATCH] fetch: refuse to fetch into the current branch in a non-bare repository
Johannes Schindelin	Re: [PATCH] Fix install-doc-quick target
Nicolas Pitre	Re: About git and the use of SHA-1
Alex Riesen	Re: git exclude patterns for directory
git-commits-head:
Linux Kernel Mailing List	sh: Fix compile error by operands(mov.l) in sh3/entry.S
Linux Kernel Mailing List	New device ID for sc92031 [1088:2031]
Linux Kernel Mailing List	powerpc/kexec: Add support for FSL-BookE
Linux Kernel Mailing List	drivers/acpi: use kasprintf
Linux Kernel Mailing List	tmpfs: depend on shmem
linux-netdev:
Andi Kleen	Re: RFC: Nagle latency tuning
Paul Gortmaker	[PATCH net-next 09/16] tipc: Relocate trivial link status functions to header file
Russell King	Re: [BUG] New Kernel Bugs
Herbert Xu	Re: Oops in tun: bisected to Limit amount of queued packets per device
gregkh	Patch "IPv6: keep route for tentative address" has been added to the 2.6.34-stable...
openbsd-misc:
Andres Salazar	About priorities in /etc/resolv.conf
Rob Shepherd	x86 hardware for router system
Damien Miller	Re: Patching a SSH 'Weakness'
P. Souza	Re: RouterBOARD RB600A support
Tonnerre LOMBARD	Re: bge0: watchdog timeout