diff options
author | Willy Tarreau <w@1wt.eu> | 2008-02-03 18:32:33 +0100 |
---|---|---|
committer | Willy Tarreau <w@1wt.eu> | 2008-07-20 18:25:39 +0200 |
commit | 7b8280869fcc810656c70cba6a2c22c790626627 (patch) | |
tree | ec05db6af3268bad8ed87a8502266cdc200b562e /fs | |
parent | 0553785f2289a4cd482a0346a94c9647c04683cb (diff) | |
download | linux-2.4-7b8280869fcc810656c70cba6a2c22c790626627.tar.gz |
security: insufficient range checks in certain fault handlers
This is the 2.4 version of Nick Piggin's work on 2.6 fault handlers.
This deals with security vulnerability CVE-2008-0007.
Drivers that register a ->nopage handler, that does not range-check its
offset argument, must set VM_DONTEXPAND in the vm_flags to ensure the
offset is within bounds.
Signed-off-by: Willy Tarreau <w@1wt.eu>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ncpfs/mmap.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/fs/ncpfs/mmap.c b/fs/ncpfs/mmap.c index 7d9bc345d4f0a5..dd8cb1a9eca6d2 100644 --- a/fs/ncpfs/mmap.c +++ b/fs/ncpfs/mmap.c @@ -47,9 +47,6 @@ static struct page* ncp_file_mmap_nopage(struct vm_area_struct *area, pos = address - area->vm_start + (area->vm_pgoff << PAGE_SHIFT); count = PAGE_SIZE; - if (address + PAGE_SIZE > area->vm_end) { - count = area->vm_end - address; - } /* what we can read in one go */ bufsize = NCP_SERVER(inode)->buffer_size; |