Merge branch 'ensure-the-copied-buf-is-nul-terminated' - kernel

diff options

author	Jakub Kicinski <[email protected]>	2024-04-26 02:23:51 +0000
committer	Jakub Kicinski <[email protected]>	2024-04-26 02:23:51 +0000
commit	a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c (patch)
tree	372ccd84a71818b0731f7ef829fbb527541f6d7f /net/nsh/nsh.c
parent	Merge tag 'net-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netd... (diff)
parent	octeontx2-af: avoid off-by-one read from userspace (diff)
download	kernel-a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c.tar.gz kernel-a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c.zip

Merge branch 'ensure-the-copied-buf-is-nul-terminated'

Bui Quang Minh says: ==================== Ensure the copied buf is NUL terminated (part) I found that some drivers contains an out-of-bound read pattern like this kern_buf = memdup_user(user_buf, count); ... sscanf(kern_buf, ...); The sscanf can be replaced by some other string-related functions. This pattern can lead to out-of-bound read of kern_buf in string-related functions. This series fix the above issue by replacing memdup_user with memdup_user_nul. v1: https://lore.kernel.org/r/[email protected] ==================== Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>

Diffstat (limited to 'net/nsh/nsh.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: