Unverified Commit 8a845799 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!12467 fix CVE-2024-42301 

Merge Pull Request from: @ci-robot 
 
PR sync from: dinglongwei <dinglongwei1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/YIYRYWH2LWILDNCFG6MJHRX5HZY2VEC2/ 
fix CVE-2024-42301_OLK-5.10

Takashi Iwai (1):
  parport: Proper fix for array out-of-bounds access

tuhaowen (1):
  dev/parport: fix the array out-of-bounds risk


-- 
2.17.1
 
https://gitee.com/openeuler/kernel/issues/IAVLO6?from=project-issue
https://gitee.com/src-openeuler/kernel/issues/IAKQAA 
 
Link:https://gitee.com/openeuler/kernel/pulls/12467

 

Reviewed-by: default avatarWeilong Chen <chenweilong@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents 3d927574 ffff1ca7

drivers/parport/procfs.c

+12 −12
Original line number Diff line number Diff line
@@ -51,12 +51,12 @@ static int do_active_device(struct ctl_table *table, int write, 
	

	for (dev = port->devices; dev ; dev = dev->next) {

		if(dev == port->cad) {

			len += sprintf(buffer, "%s\n", dev->name);

			len += scnprintf(buffer, sizeof(buffer), "%s\n", dev->name);

		}

	}



	if(!len) {

		len += sprintf(buffer, "%s\n", "none");

		len += scnprintf(buffer, sizeof(buffer), "%s\n", "none");

	}



	if (len > *lenp)
@@ -87,19 +87,19 @@ static int do_autoprobe(struct ctl_table *table, int write, 
	}

	

	if ((str = info->class_name) != NULL)

		len += sprintf (buffer + len, "CLASS:%s;\n", str);

		len += scnprintf (buffer + len, sizeof(buffer) - len, "CLASS:%s;\n", str);



	if ((str = info->model) != NULL)

		len += sprintf (buffer + len, "MODEL:%s;\n", str);

		len += scnprintf (buffer + len, sizeof(buffer) - len, "MODEL:%s;\n", str);



	if ((str = info->mfr) != NULL)

		len += sprintf (buffer + len, "MANUFACTURER:%s;\n", str);

		len += scnprintf (buffer + len, sizeof(buffer) - len, "MANUFACTURER:%s;\n", str);



	if ((str = info->description) != NULL)

		len += sprintf (buffer + len, "DESCRIPTION:%s;\n", str);

		len += scnprintf (buffer + len, sizeof(buffer) - len, "DESCRIPTION:%s;\n", str);



	if ((str = info->cmdset) != NULL)

		len += sprintf (buffer + len, "COMMAND SET:%s;\n", str);

		len += scnprintf (buffer + len, sizeof(buffer) - len, "COMMAND SET:%s;\n", str);



	if (len > *lenp)

		len = *lenp;
@@ -117,7 +117,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write, 
				 void *result, size_t *lenp, loff_t *ppos)

{

	struct parport *port = (struct parport *)table->extra1;

	char buffer[20];

	char buffer[64];

	int len = 0;



	if (*ppos) {
@@ -128,7 +128,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write, 
	if (write) /* permissions prevent this anyway */

		return -EACCES;



	len += sprintf (buffer, "%lu\t%lu\n", port->base, port->base_hi);

	len += scnprintf (buffer, sizeof(buffer), "%lu\t%lu\n", port->base, port->base_hi);



	if (len > *lenp)

		len = *lenp;
@@ -155,7 +155,7 @@ static int do_hardware_irq(struct ctl_table *table, int write, 
	if (write) /* permissions prevent this anyway */

		return -EACCES;



	len += sprintf (buffer, "%d\n", port->irq);

	len += scnprintf (buffer, sizeof(buffer), "%d\n", port->irq);



	if (len > *lenp)

		len = *lenp;
@@ -182,7 +182,7 @@ static int do_hardware_dma(struct ctl_table *table, int write, 
	if (write) /* permissions prevent this anyway */

		return -EACCES;



	len += sprintf (buffer, "%d\n", port->dma);

	len += scnprintf (buffer, sizeof(buffer), "%d\n", port->dma);



	if (len > *lenp)

		len = *lenp;
@@ -213,7 +213,7 @@ static int do_hardware_modes(struct ctl_table *table, int write, 
#define printmode(x)							\

do {									\

	if (port->modes & PARPORT_MODE_##x)				\

		len += sprintf(buffer + len, "%s%s", f++ ? "," : "", #x); \

		len += scnprintf(buffer + len, sizeof(buffer) - len, "%s%s", f++ ? "," : "", #x); \

} while (0)

		int f = 0;

		printmode(PCSPP);