| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170215010228.GA26880@kroah.com>
Date: Tue, 14 Feb 2017 17:02:28 -0800
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: "Tobin C. Harding" <me@...in.cc>
Cc: Thomas Petazzoni <thomas.petazzoni@...e-electrons.com>,
noralf@...nnes.org, devel@...verdev.osuosl.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: fbtft: Fix buffer overflow vulnerability
On Wed, Feb 15, 2017 at 11:42:54AM +1100, Tobin C. Harding wrote:
> Module copies a user supplied string (module parameter) into a buffer
> using strncpy() and does not check that the buffer is null terminated.
>
> Replace call to strncpy() with call to strlcpy() ensuring that the
> buffer is null terminated.
>
> Signed-off-by: Tobin C. Harding <me@...in.cc>
> ---
> drivers/staging/fbtft/fbtft_device.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/fbtft/fbtft_device.c b/drivers/staging/fbtft/fbtft_device.c
> index de46f8d..7b7223b 100644
> --- a/drivers/staging/fbtft/fbtft_device.c
> +++ b/drivers/staging/fbtft/fbtft_device.c
> @@ -1483,7 +1483,7 @@ static int __init fbtft_device_init(void)
> displays[i].pdev->name = name;
> displays[i].spi = NULL;
> } else {
> - strncpy(displays[i].spi->modalias, name, SPI_NAME_SIZE);
> + strlcpy(displays[i].spi->modalias, name, SPI_NAME_SIZE);
Shouldn't we properly check the return value here to know if the buffer
did get truncated? Or do we really care?
thanks,
greg k-h
Powered by blists - more mailing lists