[PATCH v2 1/2] misc: c2port: core: Make copying name from userspace more secure
From: Lee Jones
Date: Mon Nov 02 2020 - 09:20:20 EST
Currently the 'c2dev' device data is not initialised when it's
allocated. There maybe an issue when using strncpy() to populate the
'name' attribute since a NUL terminator may not be provided in all
use-cases. To prevent such a failing, let's ensure the 'c2dev'
device data area is fully zeroed out on allocation.
Cc: Rodolfo Giometti <giometti@xxxxxxxxxxxx>
Cc: "Eurotech S.p.A" <info@xxxxxxxxxxx>
Cc: David Laight <David.Laight@xxxxxxxxxx>
Reported-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
Acked-by: Arnd Bergmann <arnd@xxxxxxxx>
Signed-off-by: Lee Jones <lee.jones@xxxxxxxxxx>
---
drivers/misc/c2port/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c
index 80d87e8a0bea9..fb9a1b49ff6de 100644
--- a/drivers/misc/c2port/core.c
+++ b/drivers/misc/c2port/core.c
@@ -899,7 +899,7 @@ struct c2port_device *c2port_device_register(char *name,
unlikely(!ops->c2d_get) || unlikely(!ops->c2d_set))
return ERR_PTR(-EINVAL);
- c2dev = kmalloc(sizeof(struct c2port_device), GFP_KERNEL);
+ c2dev = kzalloc(sizeof(struct c2port_device), GFP_KERNEL);
if (unlikely(!c2dev))
return ERR_PTR(-ENOMEM);
--
2.25.1