[PATCH 1/1] misc: c2port: core: Make copying name from userspace more secure
Arnd Bergmann
arnd at arndb.de
Tue Jul 14 05:01:35 EDT 2020
On Tue, Jul 14, 2020 at 10:33 AM Lee Jones <lee.jones at linaro.org> wrote:
>
> Currently the 'c2dev' device data is not zeroed when its allocated.
> Coupled with the fact strncpy() *may not* provide a NUL terminator
> means that a 1-byte leak would be possible *if* this was ever copied
> to userspace.
>
> To prevent such a failing, let's first ensure the 'c2dev' device data
> area is fully zeroed out and ensure the buffer will always be NUL
> terminated by using the kernel's strscpy() which a) uses the
> destination (instead of the source) size as the bytes to copy and b)
> is *always* NUL terminated.
>
> Cc: Rodolfo Giometti <giometti at enneenne.com>
> Cc: "Eurotech S.p.A" <info at eurotech.it>
> Reported-by: Geert Uytterhoeven <geert+renesas at glider.be>
> Signed-off-by: Lee Jones <lee.jones at linaro.org>
Acked-by: Arnd Bergmann <arnd at arndb.de>
More information about the linux-arm-kernel
mailing list