Re: [PATCH v2 3/6] bfa: ensure the copied buf is NUL terminated

From: Martin K. Petersen
Date: Mon May 06 2024 - 21:20:34 EST

Next message: Martin K. Petersen: "Re: [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated"
Previous message: Kemeng Shi: "Re: [PATCH v2 2/4] mm: correct calculation of wb's bg_thresh in cgroup domain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bui,

> Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
> userspace to that buffer. Later, we use sscanf on this buffer but we don't
> ensure that the string is terminated inside the buffer, this can lead to
> OOB read when using sscanf. Fix this issue by using memdup_user_nul
> instead of memdup_user.

Applied to 6.10/scsi-staging, thanks!

--
Martin K. Petersen Oracle Linux Engineering

Next message: Martin K. Petersen: "Re: [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated"
Previous message: Kemeng Shi: "Re: [PATCH v2 2/4] mm: correct calculation of wb's bg_thresh in cgroup domain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]