From: Xi Wang Date: Thu, 28 Feb 2013 01:05:21 +0000 (-0800) Subject: sysctl: fix null checking in bin_dn_node_address() X-Git-Tag: firefly_0821_release~3680^2~999^2~28 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=df1778be1a33edffa51d094eeda87c858ded6560;p=firefly-linux-kernel-4.4.55.git sysctl: fix null checking in bin_dn_node_address() The null check of `strchr() + 1' is broken, which is always non-null, leading to OOB read. Instead, check the result of strchr(). Signed-off-by: Xi Wang Cc: "Eric W. Biederman" Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c index b25115e8c7f3..ebf72358e86a 100644 --- a/kernel/sysctl_binary.c +++ b/kernel/sysctl_binary.c @@ -1171,9 +1171,10 @@ static ssize_t bin_dn_node_address(struct file *file, /* Convert the decnet address to binary */ result = -EIO; - nodep = strchr(buf, '.') + 1; + nodep = strchr(buf, '.'); if (!nodep) goto out; + ++nodep; area = simple_strtoul(buf, NULL, 10); node = simple_strtoul(nodep, NULL, 10);