From 6a5357887e4ebfd9c0f472cffc58bcdf426f4cad Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Thu, 7 Jun 2007 14:23:05 -0700 Subject: [PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875) Use simple_read_from_buffer to avoid possible underflow in cpuset_tasks_read which could allow user to read kernel memory. Note: This is fixed upstream in 85badbdf5120d246ce2bb3f1a7689a805f9c9006 Signed-off-by: Chris Wright
---
 kernel/cpuset.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'kernel')
diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index 6b05dc69c95..5074f7d4c81 100644
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -1751,12 +1751,7 @@ static ssize_t cpuset_tasks_read(struct file *file, char __user *buf,
 {
 struct ctr_struct *ctr = file->private_data;
- if (*ppos + nbytes > ctr->bufsz)
- nbytes = ctr->bufsz - *ppos;
- if (copy_to_user(buf, ctr->buf + *ppos, nbytes))
- return -EFAULT;
- *ppos += nbytes;
- return nbytes;
+ return simple_read_from_buffer(buf, nbytes, ppos, ctr->buf, ctr->bufsz);
 }
 static int cpuset_tasks_release(struct inode *unused_inode, struct file *file)
-- cgit v1.2.3-18-g5258
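Review bot: The new one-line body of cpuset_tasks_read gives no hint of why the open-coded copy was dropped, so a short comment above the return would help keep the length arithmetic from being re-inlined later, e.g. `/* simple_read_from_buffer() range-checks *ppos against ctr->bufsz before copying */`. The removed code clamped nbytes only when `*ppos + nbytes` exceeded bufsz, and with *ppos already past bufsz the subtraction `ctr->bufsz - *ppos` went negative and, assuming nbytes is an unsigned size, turned into a very large copy_to_user length. The fix still depends on ctr->buf actually holding ctr->bufsz bytes, which is established where the file is opened, outside this hunk. The function's signature is only partly visible in the hunk header, so the parameter types are inferred.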