Having more than 99 CPUs causes an overflow of cpustr.
If an attacker is able to control the number CPUs he might able to inject code
...kind of. ;-)
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Tony Luck <tony.luck@intel.com>
static void __cpuinit
create_palinfo_proc_entries(unsigned int cpu)
{
-# define CPUSTR "cpu%d"
-
pal_func_cpu_u_t f;
struct proc_dir_entry **pdir;
struct proc_dir_entry *cpu_dir;
int j;
- char cpustr[sizeof(CPUSTR)];
+ char cpustr[32];
/*
* we keep track of created entries in a depth-first order for
* cleanup purposes. Each entry is stored into palinfo_proc_entries
*/
- sprintf(cpustr,CPUSTR, cpu);
+ snprintf(cpustr, sizeof(cpustr), "cpu%d", cpu);
cpu_dir = proc_mkdir(cpustr, palinfo_dir);