lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Thu, 23 Oct 2014 13:32:54 +0300
From:	Tomas Winkler <>
	Alexander Usyskin <>,
	Tomas Winkler <>
Subject: [char-misc 3.10 backport] mei: bus: fix possible boundaries violation

From: Alexander Usyskin <>

commit cfda2794b5afe7ce64ee9605c64bef0e56a48125 upstream.

function 'strncpy' will fill whole buffer '' of fixed size (32)
with string value and will not leave place for NULL-terminator.
Possible buffer boundaries violation in following string operations.
Replace strncpy with strlcpy.

Cc: # 3.10
Signed-off-by: Alexander Usyskin <>
Signed-off-by: Tomas Winkler <>
Signed-off-by: Greg Kroah-Hartman <>
 drivers/misc/mei/bus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c
index 99cc0b07a713..0513ea0906dd 100644
--- a/drivers/misc/mei/bus.c
+++ b/drivers/misc/mei/bus.c
@@ -71,7 +71,7 @@ static int mei_cl_device_probe(struct device *dev)
 	dev_dbg(dev, "Device probe\n");
-	strncpy(, dev_name(dev), MEI_CL_NAME_SIZE);
+	strlcpy(, dev_name(dev), sizeof(;
 	return driver->probe(device, &id);

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists