Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / fdb8a42742ac95606668f73481dfb2f760658fdd
commitfdb8a42742ac95606668f73481dfb2f760658fdd[log] [tgz]
authorRoel Kluin <roel.kluin@gmail.com>Thu Aug 06 15:58:13 2009 -0700
committerH. Peter Anvin <hpa@zytor.com>Sun Aug 09 01:08:42 2009 -0700
tree5dd433f3190ba47117a7bc849b71eb38878e6c85
parent498cdbfbcf98e0d2c90a26e6a02a82f043876e48 [diff]
x86: fix buffer overflow in efi_init()

If the vendor name (from c16) can be longer than 100 bytes (or missing a
terminating null), then the null is written past the end of vendor[].

Found with Parfait, http://research.sun.com/projects/parfait/

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: Huang Ying <ying.huang@intel.com>
1 file changed
tree: 5dd433f3190ba47117a7bc849b71eb38878e6c85
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS