aboutsummaryrefslogtreecommitdiff
path: root/hugeadm.c
diff options
context:
space:
mode:
authorEric B Munson <ebmunson@us.ibm.com>2009-05-13 11:22:37 +0100
committerEric B Munson <ebmunson@us.ibm.com>2009-05-13 15:34:32 +0100
commitb8d8bd39075e772da64bd7d5e75167c1b9eb6767 (patch)
tree157c3de1a24b677559dfa464e67ced56a8133b8b /hugeadm.c
parent1e4d1b933de293d52adae2766a5d3313890a5fca (diff)
downloadlibhugetlbfs-b8d8bd39075e772da64bd7d5e75167c1b9eb6767.tar.gz
Remove buffer overflow from --pool-pages-[min|max] V2
Commit f6d20b8135e0c1ca73e8ae329be47d43be261c0b introduces a subtle buffer overflow by storing each pool resize request in a buffer without checking against the buffer size. This patch makes a check against array size and ignores all pool resize requests after the first POOL_MAX. Signed-off-by: Eric B Munson <ebmunson@us.ibm.com> Acked-by: Mel Gorman <mel@csn.ul.ie>
Diffstat (limited to 'hugeadm.c')
-rw-r--r--hugeadm.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/hugeadm.c b/hugeadm.c
index e1faefb..94b1386 100644
--- a/hugeadm.c
+++ b/hugeadm.c
@@ -852,7 +852,13 @@ int main(int argc, char** argv)
break;
case LONG_POOL_MIN_ADJ:
- opt_min_adj[minadj_count++] = optarg;
+ if (minadj_count == MAX_POOLS) {
+ WARNING("Attempting to adjust an invalid "
+ "pool or a pool multiple times, "
+ "ignoring request: '%s'\n", optarg);
+ } else {
+ opt_min_adj[minadj_count++] = optarg;
+ }
break;
case LONG_POOL_MAX_ADJ:
@@ -861,7 +867,14 @@ int main(int argc, char** argv)
"max cannot be adjusted\n");
exit(EXIT_FAILURE);
}
- opt_max_adj[maxadj_count++] = optarg;
+
+ if (maxadj_count == MAX_POOLS) {
+ WARNING("Attempting to adjust an invalid "
+ "pool or a pool multiple times, "
+ "ignoring request: '%s'\n", optarg);
+ } else {
+ opt_max_adj[maxadj_count++] = optarg;
+ }
break;
case LONG_MOVABLE_ENABLE: