Re: [PATCH] wcd9335: fix a incorrect use of kstrndup()
From: Tyler Hicks
Date: Tue Jun 18 2019 - 19:11:45 EST
On 2019-06-05 06:57:02, Jiri Slaby wrote:
> On 29. 05. 19, 3:53, Gen Zhang wrote:
> > In wcd9335_codec_enable_dec(), 'widget_name' is allocated by kstrndup().
> > However, according to doc: "Note: Use kmemdup_nul() instead if the size
> > is known exactly."
> Except the size is not known exactly. It is at most 15, not 15. Right?
That's my understanding, as well. This change looks incorrect/misguided.
CVE-2019-12454 was assigned for this but I've requested that MITRE
reject it as there doesn't seem to be any security impact and possibly
no reason at all for this change.
> > So we should use kmemdup_nul() here instead of
> > kstrndup().
> > Signed-off-by: Gen Zhang <blackgod016574@xxxxxxxxx>
> > ---
> > diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
> > index a04a7ce..85737fe 100644
> > --- a/sound/soc/codecs/wcd9335.c
> > +++ b/sound/soc/codecs/wcd9335.c
> > @@ -2734,7 +2734,7 @@ static int wcd9335_codec_enable_dec(struct snd_soc_dapm_widget *w,
> > char *dec;
> > u8 hpf_coff_freq;
> > - widget_name = kstrndup(w->name, 15, GFP_KERNEL);
> > + widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
> > if (!widget_name)
> > return -ENOMEM;
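Review bot: at the added `widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);` line, kmemdup_nul() copies exactly 15 bytes from w->name and then appends the terminator, whereas the kstrndup() call it replaces stops at the first NUL within those 15 bytes. As the reply in this thread points out, the length is at most 15 rather than exactly 15, so for a widget name shorter than 15 characters the new call reads past the end of the string. Keep kstrndup() here; kmemdup_nul() would only fit if every w->name were guaranteed to be at least 15 bytes long, which nothing in this hunk establishes. Separately, the bare 15 would be easier to review as a named constant, or with a comment saying which prefix of the widget name is being kept.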
> suse labs