security: insufficient range checks in certain fault handlers

This is the 2.4 version of Nick Piggin's work on 2.6 fault handlers. This deals with security vulnerability CVE-2008-0007. Drivers that register a ->nopage handler, that does not range-check its offset argument, must set VM_DONTEXPAND in the vm_flags to ensure the offset is within bounds. Signed-off-by: Willy Tarreau <w@1wt.eu>
author: Willy Tarreau <w@1wt.eu> 2008-02-03 18:32:33 +0100
committer: Willy Tarreau <w@1wt.eu> 2008-07-20 18:25:39 +0200
commit: 7b8280869fcc810656c70cba6a2c22c790626627 (patch)
tree: ec05db6af3268bad8ed87a8502266cdc200b562e /fs
parent: 0553785f2289a4cd482a0346a94c9647c04683cb (diff)
download: linux-2.4-7b8280869fcc810656c70cba6a2c22c790626627.tar.gz
1 files changed, 0 insertions, 3 deletions
diff --git a/fs/ncpfs/mmap.c b/fs/ncpfs/mmap.c
index 7d9bc345d4f0a5..dd8cb1a9eca6d2 100644
--- a/fs/ncpfs/mmap.c
+++ b/fs/ncpfs/mmap.c
@@ -47,9 +47,6 @@ static struct page* ncp_file_mmap_nopage(struct vm_area_struct *area,
 	pos = address - area->vm_start + (area->vm_pgoff << PAGE_SHIFT);
 
 	count = PAGE_SIZE;
-	if (address + PAGE_SIZE > area->vm_end) {
-		count = area->vm_end - address;
-	}
 	/* what we can read in one go */
 	bufsize = NCP_SERVER(inode)->buffer_size;
author	Willy Tarreau <w@1wt.eu>	2008-02-03 18:32:33 +0100
committer	Willy Tarreau <w@1wt.eu>	2008-07-20 18:25:39 +0200
commit	7b8280869fcc810656c70cba6a2c22c790626627 (patch)
tree	ec05db6af3268bad8ed87a8502266cdc200b562e /fs
parent	0553785f2289a4cd482a0346a94c9647c04683cb (diff)
download	linux-2.4-7b8280869fcc810656c70cba6a2c22c790626627.tar.gz