[IA64] Fix stack overflow in create_palinfo_proc_entries

Having more than 99 CPUs causes an overflow of cpustr.
If an attacker is able to control the number CPUs he might able to inject code
...kind of. ;-)

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Tony Luck <tony.luck@intel.com>

diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c
index 77597e5ea60aca9429f29c26ec7973bf89a19683..35bee152e158673185cb5bc6d9d2079411f64b6e 100644 (file)
--- a/arch/ia64/kernel/palinfo.c
+++ b/arch/ia64/kernel/palinfo.c
@@ -971,20 +971,18 @@ palinfo_read_entry(char *page, char **start, off_t off, int count, int *eof, voi
 static void __cpuinit
 create_palinfo_proc_entries(unsigned int cpu)
 {
-#      define CPUSTR   "cpu%d"
-
        pal_func_cpu_u_t f;
        struct proc_dir_entry **pdir;
        struct proc_dir_entry *cpu_dir;
        int j;
-       char cpustr[sizeof(CPUSTR)];
+       char cpustr[32];
 
 
        /*
         * we keep track of created entries in a depth-first order for
         * cleanup purposes. Each entry is stored into palinfo_proc_entries
         */
-       sprintf(cpustr,CPUSTR, cpu);
+       snprintf(cpustr, sizeof(cpustr), "cpu%d", cpu);
 
        cpu_dir = proc_mkdir(cpustr, palinfo_dir);