Re: [v3] libertas: Avoid reading past end of buffer

From: Kalle Valo
Date: Wed May 24 2017 - 09:44:35 EST

Next message: Alan Cox: "Re: [PATCH 3.18 34/59] tty: Prevent ldisc drivers from re-using stale tty fields"
Previous message: Michal Hocko: "[PATCH] mm, memory_hotplug: move movable_node to the hotplug proper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> Using memcpy() from a string that is shorter than the length copied means
> the destination buffer is being filled with arbitrary data from the kernel
> rodata segment. Instead, redefine the stat strings to be ETH_GSTRING_LEN
> sizes, like other drivers. This lets us use a single memcpy that does not
> leak rodata contents. Additionally adjust indentation to keep checkpatch.pl
> happy.
>
> This was found with the future CONFIG_FORTIFY_SOURCE feature.
>
> Cc: Daniel Micay <danielmicay@xxxxxxxxx>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>

Patch applied to wireless-drivers-next.git, thanks.

12e3c0433e8a libertas: Avoid reading past end of buffer

--
https://patchwork.kernel.org/patch/9727997/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Next message: Alan Cox: "Re: [PATCH 3.18 34/59] tty: Prevent ldisc drivers from re-using stale tty fields"
Previous message: Michal Hocko: "[PATCH] mm, memory_hotplug: move movable_node to the hotplug proper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]