net/sched: potential data corruption
commit0eff683f737bf684dc9299e2eaca79cceb80a8c1
authorDan Carpenter <error27@gmail.com>
Thu, 15 Jul 2010 00:56:37 +0000 (14 17:56 -0700)
committerDavid S. Miller <davem@davemloft.net>
Thu, 15 Jul 2010 00:56:37 +0000 (14 17:56 -0700)
treeab92685be15606c06dbab82c581a3b1c0da72986
parentf8320f059296eb8cab6e2429c7ec79b43d42cf42
net/sched: potential data corruption

The reset_policy() does:
        memset(d->tcfd_defdata, 0, SIMP_MAX_DATA);
        strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);

In the original code, the size of d->tcfd_defdata wasn't fixed and if
strlen(defdata) was less than 31, reset_policy() would cause memory
corruption.

Please Note:  The original alloc_defdata() assumes defdata is 32
characters and a NUL terminator while reset_policy() assumes defdata is
31 characters and a NUL.  This patch updates alloc_defdata() to match
reset_policy() (ie a shorter string).  I'm not very familiar with this
code so please review carefully.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/act_simple.c