s390/cmm: fix information leak in cmm_timeout_handler() - android_kernel_xiaomi_sdm660.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Yihui ZENG <yzeng56@asu.edu>	2019-10-25 12:31:48 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-11-06 12:09:21 +0100
commit	1cdb53607683a4fa8625a3f3eb65e5d9f4572166 (patch)
tree	332c38ec0ddd5c541e091af6abcfbacd10c5db77 /drivers/ipack/ipack.c
parent	3af30fce8990fbe190831bdba55e4d2c97b7e222 (diff)

s390/cmm: fix information leak in cmm_timeout_handler()

commit b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f upstream. The problem is that we were putting the NUL terminator too far: buf[sizeof(buf) - 1] = '\0'; If the user input isn't NUL terminated and they haven't initialized the whole buffer then it leads to an info leak. The NUL terminator should be: buf[len - 1] = '\0'; Signed-off-by: Yihui Zeng <yzeng56@asu.edu> Cc: stable@vger.kernel.org Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> [heiko.carstens@de.ibm.com: keep semantics of how *lenp and *ppos are handled] Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'drivers/ipack/ipack.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: