parport: Proper fix for array out-of-bounds access (1563353e) · Commits · EulixOS / Software / Kernel

drivers/parport/procfs.c

+11 −11

Original line number	Diff line number	Diff line
		@@ -58,12 +58,12 @@ static int do_active_device(struct ctl_table *table, int write,

		for (dev = port->devices; dev ; dev = dev->next) {
		if(dev == port->cad) {
		len += snprintf(buffer, sizeof(buffer), "%s\n", dev->name);
		len += scnprintf(buffer, sizeof(buffer), "%s\n", dev->name);
		}
		}

		if(!len) {
		len += snprintf(buffer, sizeof(buffer), "%s\n", "none");
		len += scnprintf(buffer, sizeof(buffer), "%s\n", "none");
		}

		if (len > *lenp)
		@@ -94,19 +94,19 @@ static int do_autoprobe(struct ctl_table *table, int write,
		}

		if ((str = info->class_name) != NULL)
		len += snprintf (buffer + len, sizeof(buffer) - len, "CLASS:%s;\n", str);
		len += scnprintf (buffer + len, sizeof(buffer) - len, "CLASS:%s;\n", str);

		if ((str = info->model) != NULL)
		len += snprintf (buffer + len, sizeof(buffer) - len, "MODEL:%s;\n", str);
		len += scnprintf (buffer + len, sizeof(buffer) - len, "MODEL:%s;\n", str);

		if ((str = info->mfr) != NULL)
		len += snprintf (buffer + len, sizeof(buffer) - len, "MANUFACTURER:%s;\n", str);
		len += scnprintf (buffer + len, sizeof(buffer) - len, "MANUFACTURER:%s;\n", str);

		if ((str = info->description) != NULL)
		len += snprintf (buffer + len, sizeof(buffer) - len, "DESCRIPTION:%s;\n", str);
		len += scnprintf (buffer + len, sizeof(buffer) - len, "DESCRIPTION:%s;\n", str);

		if ((str = info->cmdset) != NULL)
		len += snprintf (buffer + len, sizeof(buffer) - len, "COMMAND SET:%s;\n", str);
		len += scnprintf (buffer + len, sizeof(buffer) - len, "COMMAND SET:%s;\n", str);

		if (len > *lenp)
		len = *lenp;
		@@ -135,7 +135,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write,
		if (write) /* permissions prevent this anyway */
		return -EACCES;

		len += snprintf (buffer, sizeof(buffer), "%lu\t%lu\n", port->base, port->base_hi);
		len += scnprintf (buffer, sizeof(buffer), "%lu\t%lu\n", port->base, port->base_hi);

		if (len > *lenp)
		len = *lenp;
		@@ -162,7 +162,7 @@ static int do_hardware_irq(struct ctl_table *table, int write,
		if (write) /* permissions prevent this anyway */
		return -EACCES;

		len += snprintf (buffer, sizeof(buffer), "%d\n", port->irq);
		len += scnprintf (buffer, sizeof(buffer), "%d\n", port->irq);

		if (len > *lenp)
		len = *lenp;
		@@ -189,7 +189,7 @@ static int do_hardware_dma(struct ctl_table *table, int write,
		if (write) /* permissions prevent this anyway */
		return -EACCES;

		len += snprintf (buffer, sizeof(buffer), "%d\n", port->dma);
		len += scnprintf (buffer, sizeof(buffer), "%d\n", port->dma);

		if (len > *lenp)
		len = *lenp;
		@@ -220,7 +220,7 @@ static int do_hardware_modes(struct ctl_table *table, int write,
		#define printmode(x) \
		do { \
		if (port->modes & PARPORT_MODE_##x) \
		len += snprintf(buffer + len, sizeof(buffer) - len, "%s%s", f++ ? "," : "", #x); \
		len += scnprintf(buffer + len, sizeof(buffer) - len, "%s%s", f++ ? "," : "", #x); \
		} while (0)
		int f = 0;
		printmode(PCSPP);