Re: [RFC PATCH] netxen_nic: null-terminate serial number string in netxen_check_options()
From: David Miller
Date: Wed Apr 26 2017 - 14:38:39 EST
From: "Jerome Marchand" <jmarchan@xxxxxxxxxx>
Date: Tue, 25 Apr 2017 09:42:29 +0200
> The serial_num string in netxen_check_options() is not always properly
> null-terminated. I couldn't find the documention on the serial number
> format and I suspect a proper integer to string conversion is in
> order, but this patch a least prevents the out-of-bound access.
>
> It solves the following kasan warning:
...
> @@ -842,7 +842,7 @@ netxen_check_options(struct netxen_adapter *adapter)
> {
> u32 fw_major, fw_minor, fw_build, prev_fw_version;
> char brd_name[NETXEN_MAX_SHORT_NAME];
> - char serial_num[32];
> + char serial_num[33];
> int i, offset, val, err;
> __le32 *ptr32;
> struct pci_dev *pdev = adapter->pdev;
Another problem is that the serial_num array is only 4-byte aligned by
accident. Steps are necessary to make sure the ptr32 assignments don't
take unaligned traps.
Something like:
union {
char buf[33];
__le32 dummy;
} serial_num;