[PATCH 3.10 53/70] mei: bus: fix possible boundaries violation

From: Greg Kroah-Hartman
Date: Wed Nov 19 2014 - 16:24:19 EST

3.10-stable review patch. If anyone has any objections, please let me know.


From: Alexander Usyskin <alexander.usyskin@xxxxxxxxx>

commit cfda2794b5afe7ce64ee9605c64bef0e56a48125 upstream.

function 'strncpy' will fill whole buffer 'id.name' of fixed size (32)
with string value and will not leave place for NULL-terminator.
Possible buffer boundaries violation in following string operations.
Replace strncpy with strlcpy.

Signed-off-by: Alexander Usyskin <alexander.usyskin@xxxxxxxxx>
Signed-off-by: Tomas Winkler <tomas.winkler@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

drivers/misc/mei/bus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/misc/mei/bus.c
+++ b/drivers/misc/mei/bus.c
@@ -71,7 +71,7 @@ static int mei_cl_device_probe(struct de

dev_dbg(dev, "Device probe\n");

- strncpy(id.name, dev_name(dev), MEI_CL_NAME_SIZE);
+ strlcpy(id.name, dev_name(dev), sizeof(id.name));

return driver->probe(device, &id);

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/