[PATCH v2 1/3] staging: fbtft: Fix buffer overflow vulnerability

From: Tobin C. Harding
Date: Tue Feb 14 2017 - 22:28:14 EST

Next message: Tobin C. Harding: "[PATCH v2 2/3] staging: fbtft: Replace magic number with constant"
Previous message: Tobin C. Harding: "[PATCH v2 0/3] staging: fbtft: Fix buffer overflow vulnerability"
In reply to: Tobin C. Harding: "[PATCH v2 0/3] staging: fbtft: Fix buffer overflow vulnerability"
Next in thread: Tobin C. Harding: "[PATCH v2 2/3] staging: fbtft: Replace magic number with constant"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Module copies a user supplied string (module parameter) into a buffer
using strncpy() and does not check that the buffer is null terminated.

Replace call to strncpy() with call to strlcpy() ensuring that the
buffer is null terminated.

Signed-off-by: Tobin C. Harding <me@xxxxxxxx>
---
drivers/staging/fbtft/fbtft_device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/fbtft/fbtft_device.c b/drivers/staging/fbtft/fbtft_device.c
index de46f8d..7b7223b 100644
--- a/drivers/staging/fbtft/fbtft_device.c
+++ b/drivers/staging/fbtft/fbtft_device.c
@@ -1483,7 +1483,7 @@ static int __init fbtft_device_init(void)
displays[i].pdev->name = name;
displays[i].spi = NULL;
} else {
- strncpy(displays[i].spi->modalias, name, SPI_NAME_SIZE);
+ strlcpy(displays[i].spi->modalias, name, SPI_NAME_SIZE);
displays[i].pdev = NULL;
}
}
--
2.7.4

Next message: Tobin C. Harding: "[PATCH v2 2/3] staging: fbtft: Replace magic number with constant"
Previous message: Tobin C. Harding: "[PATCH v2 0/3] staging: fbtft: Fix buffer overflow vulnerability"
In reply to: Tobin C. Harding: "[PATCH v2 0/3] staging: fbtft: Fix buffer overflow vulnerability"
Next in thread: Tobin C. Harding: "[PATCH v2 2/3] staging: fbtft: Replace magic number with constant"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]