| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170322140137.28485-1-colin.king@canonical.com>
Date: Wed, 22 Mar 2017 14:01:37 +0000
From: Colin King <colin.king@...onical.com>
To: Johannes Thumshirn <jth@...nel.org>,
"James E . J . Bottomley" <jejb@...ux.vnet.ibm.com>,
"Martin K . Petersen" <martin.petersen@...cle.com>,
fcoe-devel@...n-fcoe.org, linux-scsi@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] scsi: fcoe: sanity check string size for store_ctrl_mode option
From: Colin Ian King <colin.king@...onical.com>
Reading and writing to mode[count - 1] implies the count should not
be less than 1 so add a sanity check for this.
Detected with CoverityScan, CID#1357345 ("Overflowed array index write")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
drivers/scsi/fcoe/fcoe_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
index 9cf3d56296ab..e298240c728c 100644
--- a/drivers/scsi/fcoe/fcoe_sysfs.c
+++ b/drivers/scsi/fcoe/fcoe_sysfs.c
@@ -288,7 +288,7 @@ static ssize_t store_ctlr_mode(struct device *dev,
struct fcoe_ctlr_device *ctlr = dev_to_ctlr(dev);
char mode[FCOE_MAX_MODENAME_LEN + 1];
- if (count > FCOE_MAX_MODENAME_LEN)
+ if (count < 1 || count > FCOE_MAX_MODENAME_LEN)
return -EINVAL;
strncpy(mode, buf, count);
--
2.11.0
Powered by blists - more mailing lists