96a8d14e875a017f9e9e71d93433414e9fb8863f - kernel/msm-4.9

commit	96a8d14e875a017f9e9e71d93433414e9fb8863f	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Thu Jan 24 09:41:43 2013 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Fri Jan 25 11:21:26 2013 -0800
tree	80e1968fc8318243921c35be0cf6324f4fa01e9f
parent	392c6ff87f568d573239b763855160d1f06114de [diff]

staging: cxt1e1: buffer overflow in do_del_chan()

If we don't restrict "cp.channum" to 3 digits then the sprintf() will
overflow.  I've added a check and changed the sprintf() to snprintf().

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/staging/cxt1e1/linux.c[diff]

1 file changed

tree: 80e1968fc8318243921c35be0cf6324f4fa01e9f