| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Oct 2017 10:54:41 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Benson Leung <bleung@...omium.org>,
Javier Martinez Canillas <javier.martinez@...labora.co.uk>
Cc: Olof Johansson <olof@...om.net>, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org, Lee Jones <lee.jones@...aro.org>
Subject: [PATCH] platform/chrome: cros_ec: Array underflow in
show_ec_version()
msg->data[] is a zero size array so we're putting the NUL terminator one
character before the start of the array.
Fixes: a841178445bb ("mfd: cros_ec: Use a zero-length array for command data")
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
diff --git a/drivers/platform/chrome/cros_ec_sysfs.c b/drivers/platform/chrome/cros_ec_sysfs.c
index 0fd88eb03d39..8a8e2a101ad0 100644
--- a/drivers/platform/chrome/cros_ec_sysfs.c
+++ b/drivers/platform/chrome/cros_ec_sysfs.c
@@ -175,7 +175,7 @@ static ssize_t show_ec_version(struct device *dev,
count += scnprintf(buf + count, PAGE_SIZE - count,
"Build info: EC error %d\n", msg->result);
else {
- msg->data[sizeof(msg->data) - 1] = '\0';
+ msg->data[EC_HOST_PARAM_SIZE - 1] = '\0';
count += scnprintf(buf + count, PAGE_SIZE - count,
"Build info: %s\n", msg->data);
}
Powered by blists - more mailing lists