s390/sclp: always stay within bounds of the early sccb

Make sure the _sclp_print_lm function stays within bounds of the early
sccb, even if the passed string is very long.  If the string is too
long, the remaining characters will be dropped.

Suggested-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

diff --git a/arch/s390/kernel/sclp.c b/arch/s390/kernel/sclp.c
index 7453243..53e391f 100644 (file)
--- a/arch/s390/kernel/sclp.c
+++ b/arch/s390/kernel/sclp.c
@@ -132,16 +132,21 @@ static void _sclp_print_lm(const char *str)
                0x10, 0x00,                                     /* 4 */
                0x00, 0x00, 0x00, 0x00                          /* 6 */
        };
-       unsigned char *ptr, ch;
+       unsigned char *ptr, *end_ptr, ch;
        unsigned int count;
 
        memcpy(_sclp_work_area, write_head, sizeof(write_head));
        ptr = _sclp_work_area + sizeof(write_head);
+       end_ptr = _sclp_work_area + sizeof(_sclp_work_area) - 1;
        do {
+               if (ptr + sizeof(write_mto) > end_ptr)
+                       break;
                memcpy(ptr, write_mto, sizeof(write_mto));
                for (count = sizeof(write_mto); (ch = *str++) != 0; count++) {
                        if (ch == 0x0a)
                                break;
+                       if (ptr > end_ptr)
+                               break;
                        ptr[count] = _ascebc[ch];
                }
                /* Update length fields in mto, mdb, evbuf and sccb */