Re: [PATCH v2 3/6] bfa: ensure the copied buf is NUL terminated
From: Martin K. Petersen
Date: Mon May 06 2024 - 21:20:34 EST
Bui,
> Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
> userspace to that buffer. Later, we use sscanf on this buffer but we don't
> ensure that the string is terminated inside the buffer, this can lead to
> OOB read when using sscanf. Fix this issue by using memdup_user_nul
> instead of memdup_user.
Applied to 6.10/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering