Re: [patch] fix stack overflow in pktgen_if_write()
From: Dan Carpenter <hidden>
Date: 2010-10-27 22:41:10
On Thu, Oct 28, 2010 at 12:12:35AM +0200, Dan Carpenter wrote:
- char tb[count + 1]; - if (copy_from_user(tb, user_buffer, count)) - return -EFAULT; - tb[count] = 0; + char *tb; + + tb = strndup_user(user_buffer, count + 1);
Crap... This should be memdup_user(). Sorry about that. I'll send v2.

regards,
dan carpenter
+ if (IS_ERR(tb))
+ return PTR_ERR(tb);
printk(KERN_DEBUG "pktgen: %s,%lu buffer -:%s:-\n", name,
(unsigned long)count, tb);
+ kfree(tb);
}
if (!strcmp(name, "min_pkt_size")) {
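Review bot: the printk() with %s after the IS_ERR() check depends on tb being NUL-terminated, which the removed code guaranteed with tb[count] = 0 and the added lines leave entirely to the helper. strndup_user(user_buffer, count + 1) searches user memory for a terminator, up to one byte past the count bytes that were written, so input with no NUL in that range is rejected with an error instead of being copied. memdup_user(), which the reply names for v2, copies exactly the length it is given and appends no terminator, so v2 should either allocate count + 1 bytes, copy count and set tb[count] = 0 before the printk(), or print with a length-bounded %.*s. The allocation size also still follows count with no upper bound visible in this hunk; a cap before the copy would be worth adding.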