[PATCH] /fs/proc/: 'larger than buffer size' memory accessed by clear_user() Address a potential 'larger than buffer size' memory access by clear_user(). Without this patch, this call to clear_user() can attempt to clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by read_kcore(). Signed-off-by: Adam B. Jerome <abj@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

commit: 0635170b544b01b46a81b4ac5cff5020ab59d1fc [log] [tgz]
author: Adam B. Jerome <abj@novell.com> Wed Jul 12 09:03:07 2006 -0700
committer: Linus Torvalds <torvalds@g5.osdl.org> Wed Jul 12 12:52:55 2006 -0700
tree: 743144ec50b98b1b16df6dfe1448584b946aae2e
parent: 232ba9dbd68bb084d5d90c511f207d18eae614da [diff] [blame]
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 8d6d85d..6a984f6 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c

@@ -382,7 +382,7 @@
 				 */
 				if (n) { 
 					if (clear_user(buffer + tsz - n,
-								tsz - n))
+								n))
 						return -EFAULT;
 				}
 			} else {
commit	0635170b544b01b46a81b4ac5cff5020ab59d1fc	[log] [tgz]
author	Adam B. Jerome <abj@novell.com>	Wed Jul 12 09:03:07 2006 -0700
committer	Linus Torvalds <torvalds@g5.osdl.org>	Wed Jul 12 12:52:55 2006 -0700
tree	743144ec50b98b1b16df6dfe1448584b946aae2e
parent	232ba9dbd68bb084d5d90c511f207d18eae614da [diff] [blame]