[PATCH] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)

No one should be writing a PAGE_SIZE worth of data to a normal sysfs file, so properly terminate the buffer. Thanks to Al Viro for pointing out my stupidity here. CVE-2006-1055 has been assigned for this. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

[PATCH] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)
No one should be writing a PAGE_SIZE worth of data to a normal sysfs file, so properly terminate the buffer. Thanks to Al Viro for pointing out my stupidity here. CVE-2006-1055 has been assigned for this. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
4a80b29d · Greg Kroah-Hartman · 91011e69 · 4a80b29d
Commit 4a80b29d authored Mar 31, 2006 by Greg Kroah-Hartman
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

fs/sysfs/file.c fs/sysfs/file.c +1 -1

No files found.
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -183,7 +183,7 @@ fill_write_buffer(struct sysfs_buffer * buffer, const char __user * buf, size_t
 		return -ENOMEM;

 	if (count >= PAGE_SIZE)
-		count = PAGE_SIZE;
+		count = PAGE_SIZE - 1;
 	error = copy_from_user(buffer->page,buf,count);
 	buffer->needs_read_fill = 1;
 	return error ? -EFAULT : count;