s390/cmm: fix information leak in cmm_timeout_handler() - kernel

diff options

author	Yihui ZENG <[email protected]>	2019-10-25 09:31:48 +0000
committer	Vasily Gorbik <[email protected]>	2019-10-31 16:26:48 +0000
commit	b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f (patch)
tree	84dd3a01c06ab6464064d591b3d03003da9e49e6 /net/unix/af_unix.c
parent	Linux 5.4-rc5 (diff)
download	kernel-b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f.tar.gz kernel-b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f.zip

s390/cmm: fix information leak in cmm_timeout_handler()

The problem is that we were putting the NUL terminator too far: buf[sizeof(buf) - 1] = '\0'; If the user input isn't NUL terminated and they haven't initialized the whole buffer then it leads to an info leak. The NUL terminator should be: buf[len - 1] = '\0'; Signed-off-by: Yihui Zeng <[email protected]> Cc: [email protected] Signed-off-by: Dan Carpenter <[email protected]> [[email protected]: keep semantics of how *lenp and *ppos are handled] Signed-off-by: Heiko Carstens <[email protected]> Signed-off-by: Vasily Gorbik <[email protected]>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: