Re: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated

From: Alexander Gordeev
Date: Wed Apr 24 2024 - 11:17:29 EST

Next message: Stefan Wahren: "Re: [PATCH] staging: vc04_services: Delete unnecessary NULL check"
Previous message: Liam R. Howlett: "Re: [PATCH 2/2] lib/test_xarray.c: fix error assumptions on check_xa_multi_store_adv_add()"
In reply to: Heiko Carstens: "Re: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated"
Next in thread: Alexander Gordeev: "Re: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 24, 2024 at 09:44:22PM +0700, Bui Quang Minh wrote:
> Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from
> userspace to that buffer. Later, we use scanf on this buffer but we don't
> ensure that the string is terminated inside the buffer, this can lead to
> OOB read when using scanf. Fix this issue by using memdup_user_nul instead.
>
> Fixes: a4f17cc72671 ("s390/cio: add CRW inject functionality")
> Signed-off-by: Bui Quang Minh <minhquangbui99@xxxxxxxxx>
> ---
> drivers/s390/cio/cio_inject.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Applied, thanks!

Next message: Stefan Wahren: "Re: [PATCH] staging: vc04_services: Delete unnecessary NULL check"
Previous message: Liam R. Howlett: "Re: [PATCH 2/2] lib/test_xarray.c: fix error assumptions on check_xa_multi_store_adv_add()"
In reply to: Heiko Carstens: "Re: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated"
Next in thread: Alexander Gordeev: "Re: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]