From: Adam B. Jerome <abj@novell.com>
Date: Wed, 12 Jul 2006 16:03:07 +0000 (-0700)
Subject: [PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user()
X-Git-Tag: v2.6.18-rc2~108
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=0635170b544b01b46a81b4ac5cff5020ab59d1fc;p=karo-tx-linux.git

[PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user()

Address a potential 'larger than buffer size' memory access by
clear_user().  Without this patch, this call to clear_user() can attempt to
clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by
read_kcore().

Signed-off-by: Adam B. Jerome <abj@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---

diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 8d6d85d7400f..6a984f64edd7 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -382,7 +382,7 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
 				 */
 				if (n) { 
 					if (clear_user(buffer + tsz - n,
-								tsz - n))
+								n))
 						return -EFAULT;
 				}
 			} else {