diff options
author | Jakub Kicinski <kuba@kernel.org> | 2024-04-26 05:23:51 +0300 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2024-04-26 05:23:51 +0300 |
commit | a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c (patch) | |
tree | 372ccd84a71818b0731f7ef829fbb527541f6d7f /net | |
parent | 52afb15e9d9a021ab6eec923a087ec9f518cb713 (diff) | |
parent | f299ee709fb45036454ca11e90cb2810fe771878 (diff) | |
download | linux-a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c.tar.xz |
Merge branch 'ensure-the-copied-buf-is-nul-terminated'
Bui Quang Minh says:
====================
Ensure the copied buf is NUL terminated (part)
I found that some drivers contains an out-of-bound read pattern like this
kern_buf = memdup_user(user_buf, count);
...
sscanf(kern_buf, ...);
The sscanf can be replaced by some other string-related functions. This
pattern can lead to out-of-bound read of kern_buf in string-related
functions.
This series fix the above issue by replacing memdup_user with
memdup_user_nul.
v1: https://lore.kernel.org/r/20240422-fix-oob-read-v1-0-e02854c30174@gmail.com
====================
Link: https://lore.kernel.org/r/20240424-fix-oob-read-v2-0-f1f1b53a10f4@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions