summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Wiedmann <jwi@linux.ibm.com>2020-10-01 20:21:26 +0300
committerDavid S. Miller <davem@davemloft.net>2020-10-04 02:51:07 +0300
commit398999bac6ea8842706d613630f907b817f47c6d (patch)
treee6b24e67e48c80ef7c91eda7e5fa634b3de51a71
parent8e1b3884eed7d96d4f1210b668611ee6a1803ea5 (diff)
downloadlinux-398999bac6ea8842706d613630f907b817f47c6d.tar.xz
net/af_iucv: right-size the uid variable in iucv_sock_bind()
smatch complains about net/iucv/af_iucv.c:624 iucv_sock_bind() error: memcpy() 'sa->siucv_user_id' too small (8 vs 9) Which is absolutely correct - the memcpy() takes 9 bytes (sizeof(uid)) from an 8-byte field (sa->siucv_user_id). Luckily the sockaddr_iucv struct contains more data after the .siucv_user_id field, and we checked the size of the passed data earlier on. So the memcpy() won't accidentally read from an invalid location. Fix the warning by reducing the size of the uid variable to what's actually needed, and thus reducing the amount of copied data. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Reviewed-by: Karsten Graul <kgraul@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/iucv/af_iucv.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index a95af62acb52..d80572074667 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -588,11 +588,11 @@ static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr,
int addr_len)
{
struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr;
+ char uid[sizeof(sa->siucv_user_id)];
struct sock *sk = sock->sk;
struct iucv_sock *iucv;
int err = 0;
struct net_device *dev;
- char uid[9];
/* Verify the input sockaddr */
if (addr_len < sizeof(struct sockaddr_iucv) ||