Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 694fb34bebb6de95eb1293b2ca190edf7a909f18
commit694fb34bebb6de95eb1293b2ca190edf7a909f18[log] [tgz]
authorKees Cook <keescook@chromium.org>Fri May 05 15:34:34 2017 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Fri Apr 13 19:47:52 2018 +0200
treee8718f1efd70ccb64a5f0a4a4eaff97d9a38889c
parent68e356469b2ecdfc4777c3329753183cc40a9227 [diff]
qlge: Avoid reading past end of buffer


[ Upstream commit df5303a8aa9a0a6934f4cea7427f1edf771f21c2 ]

Using memcpy() from a string that is shorter than the length copied means
the destination buffer is being filled with arbitrary data from the kernel
rodata segment. Instead, use strncpy() which will fill the trailing bytes
with zeros.

This was found with the future CONFIG_FORTIFY_SOURCE feature.

Cc: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: e8718f1efd70ccb64a5f0a4a4eaff97d9a38889c
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS