From ab2df5cd479da9935e23cd7042d69a39f5cec3b0 Mon Sep 17 00:00:00 2001
From: Stefan Assmann <sassmann@suse.de>
Date: Thu, 31 Jan 2008 10:25:25 +0100
Subject: kexec buffer overflow on ppc platform

This patch fixes buffer overflows when buf is allocated MAXBYTES-1 and fread(buf, 1, MAXBYTES, file) is invoked.

Signed-off-by: Stefan Assmann <sassmann@suse.de>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 kexec/arch/ppc64/crashdump-ppc64.c | 2 +-
 kexec/arch/ppc64/kexec-ppc64.c     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'kexec')

diff --git a/kexec/arch/ppc64/crashdump-ppc64.c b/kexec/arch/ppc64/crashdump-ppc64.c
index 0ef093e..e425346 100644
--- a/kexec/arch/ppc64/crashdump-ppc64.c
+++ b/kexec/arch/ppc64/crashdump-ppc64.c
@@ -101,7 +101,7 @@ static int get_crash_memory_ranges(struct memory_range **range, int *ranges)
 	int memory_ranges = 0;
 	char device_tree[256] = "/proc/device-tree/";
 	char fname[256];
-	char buf[MAXBYTES-1];
+	char buf[MAXBYTES];
 	DIR *dir, *dmem;
 	FILE *file;
 	struct dirent *dentry, *mentry;
diff --git a/kexec/arch/ppc64/kexec-ppc64.c b/kexec/arch/ppc64/kexec-ppc64.c
index 9333f29..2c74484 100644
--- a/kexec/arch/ppc64/kexec-ppc64.c
+++ b/kexec/arch/ppc64/kexec-ppc64.c
@@ -160,7 +160,7 @@ static int get_base_ranges(void)
 	int local_memory_ranges = 0;
 	char device_tree[256] = "/proc/device-tree/";
 	char fname[256];
-	char buf[MAXBYTES-1];
+	char buf[MAXBYTES];
 	DIR *dir, *dmem;
 	FILE *file;
 	struct dirent *dentry, *mentry;
@@ -258,7 +258,7 @@ static int get_devtree_details(unsigned long kexec_flags)
 	unsigned long long htab_base, htab_size;
 	unsigned long long kernel_end;
 	unsigned long long initrd_start, initrd_end;
-	char buf[MAXBYTES-1];
+	char buf[MAXBYTES];
 	char device_tree[256] = "/proc/device-tree/";
 	char fname[256];
 	DIR *dir, *cdir;
-- 
cgit