diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-04-03 00:12:54 +0900 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-04-19 09:37:12 +1000 |
commit | c0fa797ae6cd02ff87c0bfe0d509368a3b45640e (patch) | |
tree | 4f484333268919be0487ff5fdf9dd380d8bf6ed2 /fs/binfmt_elf.c | |
parent | e4f5f26d8336318a5aa0858223c81cf29fcf5f68 (diff) | |
download | op-kernel-dev-c0fa797ae6cd02ff87c0bfe0d509368a3b45640e.zip op-kernel-dev-c0fa797ae6cd02ff87c0bfe0d509368a3b45640e.tar.gz |
TOMOYO: Fix infinite loop bug when reading /sys/kernel/security/tomoyo/audit
In tomoyo_flush(), head->r.w[0] holds pointer to string data to be printed.
But head->r.w[0] was updated only when the string data was partially
printed (because head->r.w[0] will be updated by head->r.w[1] later if
completely printed). However, regarding /sys/kernel/security/tomoyo/query ,
an additional '\0' is printed after the string data was completely printed.
But if free space for read buffer became 0 before printing the additional '\0',
tomoyo_flush() was returning without updating head->r.w[0]. As a result,
tomoyo_flush() forever reprints already printed string data.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/binfmt_elf.c')
0 files changed, 0 insertions, 0 deletions