diff options
| author | Jan Kara <jack@suse.cz> | 2015-06-02 17:10:28 +0200 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-06-02 10:28:52 -0700 |
| commit | f18c34e483ff6b1d9866472221e4015b3a4698e4 (patch) | |
| tree | 55542172dd992db5172eb64078ce01cac7db1a7b /security | |
| parent | c46a024ea5eb0165114dbbc8c82c29b7bcf66e71 (diff) | |
| download | linux-f18c34e483ff6b1d9866472221e4015b3a4698e4.tar.gz | |
lib: Fix strnlen_user() to not touch memory after specified maximum
If the specified maximum length of the string is a multiple of unsigned long, we would load one long behind the specified maximum. If that happens to be in a next page, we can hit a page fault although we were not expected to. Fix the off-by-one bug in the test whether we are at the end of the specified range. Signed-off-by: Jan Kara <jack@suse.cz> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions