Re: [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated

From: Martin K. Petersen
Date: Mon May 06 2024 - 21:20:51 EST



Bui,

> Currently, we allocate a count-sized kernel buffer and copy count from
> userspace to that buffer. Later, we use kstrtouint on this buffer but we
> don't ensure that the string is terminated inside the buffer, this can
> lead to OOB read when using kstrtouint. Fix this issue by using
> memdup_user_nul instead of memdup_user.

Applied to 6.10/scsi-staging, thanks!

--
Martin K. Petersen Oracle Linux Engineering