From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 14 Sep 2012 06:56:00 +0000 (+0300)
Subject: Staging: silicom: add some range checks to proc functions
X-Git-Tag: firefly_0821_release~3680^2~1977^2~191
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e4c536b72fd6b25c7f4f9c6f293f43ba287b8e8f;p=firefly-linux-kernel-4.4.55.git

Staging: silicom: add some range checks to proc functions

If you tried to cat more than 255 characters (the last character is for
the terminator) to these proc files then it would corrupt kernel memory.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Cotey <puff65537@bansheeslibrary.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/staging/silicom/bp_mod.c b/drivers/staging/silicom/bp_mod.c
index 6e999c7ea758..1b3f5e7eb282 100644
--- a/drivers/staging/silicom/bp_mod.c
+++ b/drivers/staging/silicom/bp_mod.c
@@ -8227,6 +8227,9 @@ set_dis_bypass_pfs(struct file *file, const char *buffer,
 
 	int bypass_param = 0, length = 0;
 
+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8256,6 +8259,9 @@ set_dis_tap_pfs(struct file *file, const char *buffer,
 
 	int tap_param = 0, length = 0;
 
+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8285,6 +8291,9 @@ set_dis_disc_pfs(struct file *file, const char *buffer,
 
 	int tap_param = 0, length = 0;
 
+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8374,6 +8383,9 @@ set_bypass_pwup_pfs(struct file *file, const char *buffer,
 
 	int bypass_param = 0, length = 0;
 
+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8403,6 +8415,9 @@ set_bypass_pwoff_pfs(struct file *file, const char *buffer,
 
 	int bypass_param = 0, length = 0;
 
+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8432,6 +8447,9 @@ set_tap_pwup_pfs(struct file *file, const char *buffer,
 
 	int tap_param = 0, length = 0;
 
+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8461,6 +8479,9 @@ set_disc_pwup_pfs(struct file *file, const char *buffer,
 
 	int tap_param = 0, length = 0;
 
+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}
@@ -8570,6 +8591,9 @@ set_std_nic_pfs(struct file *file, const char *buffer,
 
 	int bypass_param = 0, length = 0;
 
+	if (count >= sizeof(kbuf))
+		return -EINVAL;
+
 	if (copy_from_user(&kbuf, buffer, count)) {
 		return -1;
 	}