summaryrefslogtreecommitdiff
path: root/package/boot
diff options
context:
space:
mode:
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2013-08-21 20:59:25 +0000
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2013-08-21 20:59:25 +0000
commitc00dc738e71e14b314710f250437603357b9207f (patch)
treeda8ca9958a4d4707fd9335916a0291cec173a2c4 /package/boot
parentfe86258a3325cfa0810c783ee832b0a3dbb7719f (diff)
kernel: crashlog: Avoid out-of-bounds write
vsnprintf returns the number of chars that would have been written, not the actual number of chars written. This can lead to crashlog_buf->len being too big which in turn can lead to get_maxlen() returning negative numbers. The length argument of kmsg_dump_get_buffer will be casted to a size_t which makes a negative input a big positive number allowing kmsg_dump_get_buffer to write out of bounds. Fix this by using vscnprintf which returns the actually written number of chars. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37820 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/boot')
0 files changed, 0 insertions, 0 deletions