Commit graph

3 commits

Author SHA1 Message Date
Felix Fietkau
3848e6a246 kernel: crashlog: Avoid out-of-bounds write
vsnprintf returns the number of chars that would have been written, not
the actual number of chars written. This can lead to crashlog_buf->len
being too big which in turn can lead to get_maxlen() returning negative
numbers. The length argument of kmsg_dump_get_buffer will be casted to
a size_t which makes a negative input a big positive number allowing
kmsg_dump_get_buffer to write out of bounds.

Fix this by using vscnprintf which returns the actually written number
of chars.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 37820
2013-08-21 20:59:25 +00:00
Florian Fainelli
680f460861 kernel: refresh 3.8 patches
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 35317
2013-01-24 17:04:52 +00:00
Florian Fainelli
8dbed04ec9 kernel: add support for 3.8-rc2
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 35055
2013-01-08 22:19:31 +00:00