Merge branch 'ensure-the-copied-buf-is-nul-terminated' - linux - Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/

diff options

author	Jakub Kicinski <kuba@kernel.org>	2024-04-25 19:23:51 -0700
committer	Jakub Kicinski <kuba@kernel.org>	2024-04-25 19:23:51 -0700
commit	a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c (patch)
tree	372ccd84a71818b0731f7ef829fbb527541f6d7f /net/nsh/nsh.c
parent	Merge tag 'net-6.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netd... (diff)
parent	octeontx2-af: avoid off-by-one read from userspace (diff)
download	linux-a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c.tar.gz linux-a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c.zip

Merge branch 'ensure-the-copied-buf-is-nul-terminated'

Bui Quang Minh says: ==================== Ensure the copied buf is NUL terminated (part) I found that some drivers contains an out-of-bound read pattern like this kern_buf = memdup_user(user_buf, count); ... sscanf(kern_buf, ...); The sscanf can be replaced by some other string-related functions. This pattern can lead to out-of-bound read of kern_buf in string-related functions. This series fix the above issue by replacing memdup_user with memdup_user_nul. v1: https://lore.kernel.org/r/20240422-fix-oob-read-v1-0-e02854c30174@gmail.com ==================== Link: https://lore.kernel.org/r/20240424-fix-oob-read-v2-0-f1f1b53a10f4@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'net/nsh/nsh.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: