diff options
| author | Nikolaus Schulz <microschulz@web.de> | 2010-04-01 02:21:10 +0900 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-04-26 07:47:45 -0700 |
| commit | 898b5ece63b796443073f505a4403a35906f1b0b (patch) | |
| tree | c68bfc4162c2e991707dc080252b0380d3b8c6a8 /fs/timerfd.c | |
| parent | 5d085d89715692c6b4c918a42ee6638468544812 (diff) | |
| download | kernel-crypto-898b5ece63b796443073f505a4403a35906f1b0b.tar.gz kernel-crypto-898b5ece63b796443073f505a4403a35906f1b0b.tar.xz kernel-crypto-898b5ece63b796443073f505a4403a35906f1b0b.zip | |
fat: fix buffer overflow in vfat_create_shortname()
commit 30d1872d9eb3663b4cf7bdebcbf5cd465674cced upstream.
When using the string representation of a random counter as part of the base
name, ensure that it is no longer than 4 bytes.
Since we are repeatedly decrementing the counter in a loop until we have found a
unique base name, the counter may wrap around zero; therefore, it is not enough
to mask its higher bits before entering the loop, this must be done inside the
loop.
[hirofumi@mail.parknet.co.jp: use snprintf()]
Signed-off-by: Nikolaus Schulz <microschulz@web.de>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs/timerfd.c')
0 files changed, 0 insertions, 0 deletions