Ubuntu
linux-source-2.6.22 package

  1. Bug #190587
  2. Comment #90

Comment 90 for bug 190587

Revision history for this message
In , mjc (mjc-redhat-bugs) wrote :

Proposed patch for RHEL5 from Al Viro

diff -urN linux-2.6.18.x86_64/fs/splice.c linux-2.6.18.x86_64-fix/fs/splice.c
--- linux-2.6.18.x86_64/fs/splice.c 2008-02-10 11:08:19.000000000 -0500
+++ linux-2.6.18.x86_64-fix/fs/splice.c 2008-02-10 11:31:06.000000000 -0500
@@ -1154,6 +1154,9 @@
                if (unlikely(!base))
                        break;

+ if (unlikely(!access_ok(VERIFY_READ, base, len)))
+ break;
+
                /*
                 * Get this base offset and number of pages, then map
                 * in the user pages.