| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1370035469-18138-1-git-send-email-minipli@googlemail.com> Date: Fri, 31 May 2013 23:24:29 +0200 From: Mathias Krause <minipli@...glemail.com> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Cc: linux-kernel@...r.kernel.org, Mathias Krause <minipli@...glemail.com> Subject: [PATCH] debugfs: write_file_bool() - ensure strtobool() operates on valid data In case, userland writes an empty string to a bool debugfs file, buf[] will still be uninitialized when being passed to strtobool() making the outcome of that function purely random. Fix this by always zero-terminating the buffer. Signed-off-by: Mathias Krause <minipli@...glemail.com> --- fs/debugfs/file.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c index c5ca6ae..b15a1c5 100644 --- a/fs/debugfs/file.c +++ b/fs/debugfs/file.c @@ -431,6 +431,7 @@ static ssize_t write_file_bool(struct file *file, const char __user *user_buf, if (copy_from_user(buf, user_buf, buf_size)) return -EFAULT; + buf[buf_size] = '\0'; if (strtobool(buf, &bv) == 0) *val = bv; -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists