[PATCH] efi: fix out-of-bounds null overwrite vulnerability
From: Insu Yun
Date: Thu Jan 07 2016 - 14:05:26 EST
snprintf's return value is not bound by size value.
(https://www.kernel.org/doc/htmldocs/kernel-api/API-snprintf.html)
if printed value is larger than buffer size, it can overwrite
null byte in out-of-bounds buffer.
Signed-off-by: Insu Yun <wuninsu@xxxxxxxxx>
---
drivers/firmware/efi/cper.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
index d425374..77aa75f 100644
--- a/drivers/firmware/efi/cper.c
+++ b/drivers/firmware/efi/cper.c
@@ -267,7 +267,6 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg)
"DIMM location: not present. DMI handle: 0x%.4x ",
mem->mem_dev_handle);
- msg[n] = '\0';
return n;
}
--
1.9.1