Re: [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated

From: Martin K. Petersen
Date: Mon May 06 2024 - 21:20:51 EST

Next message: Andrew Lunn: "Re: [net-next PATCH] net: stmmac: dwmac-ipq806x: account for rgmii-txid/rxid/id phy-mode"
Previous message: Martin K. Petersen: "Re: [PATCH v2 3/6] bfa: ensure the copied buf is NUL terminated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bui,

> Currently, we allocate a count-sized kernel buffer and copy count from
> userspace to that buffer. Later, we use kstrtouint on this buffer but we
> don't ensure that the string is terminated inside the buffer, this can
> lead to OOB read when using kstrtouint. Fix this issue by using
> memdup_user_nul instead of memdup_user.

Applied to 6.10/scsi-staging, thanks!

--
Martin K. Petersen Oracle Linux Engineering

Next message: Andrew Lunn: "Re: [net-next PATCH] net: stmmac: dwmac-ipq806x: account for rgmii-txid/rxid/id phy-mode"
Previous message: Martin K. Petersen: "Re: [PATCH v2 3/6] bfa: ensure the copied buf is NUL terminated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]