The null check of `strchr() + 1' is broken, which is always non-null, leading to OOB read. Instead, check the result of strchr().
Signed-off-by: Xi Wang <xi.w...@gmail.com> Cc: sta...@vger.kernel.org --- kernel/sysctl_binary.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c index 5a63844..0ddf3a0 100644 --- a/kernel/sysctl_binary.c +++ b/kernel/sysctl_binary.c @@ -1194,9 +1194,10 @@ static ssize_t bin_dn_node_address(struct file *file, /* Convert the decnet address to binary */ result = -EIO; - nodep = strchr(buf, '.') + 1; + nodep = strchr(buf, '.'); if (!nodep) goto out; + ++nodep; area = simple_strtoul(buf, NULL, 10); node = simple_strtoul(nodep, NULL, 10); -- 1.7.10.4
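Review bot: the two `simple_strtoul()` calls in the trailing context of the hunk pass NULL as the end pointer, so once `++nodep` has stepped past the dot, an input with nothing numeric after it (for example "1." or "1.x") still parses as node 0 with no error. The pointer fix itself is right: `strchr(buf, '.') + 1` can never compare equal to NULL, so the old `if (!nodep)` was dead code, and the new order correctly leaves `result = -EIO` on the `goto out` path. Unless the range checks that follow this hunk (not visible here) already reject those values, consider a follow-up that passes an end pointer to both conversions and fails when no digits were consumed. It would also help the stable reviewers if the commit message named `bin_dn_node_address()` as the affected function.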