[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190618230527.GE6248@lindsey>
Date: Tue, 18 Jun 2019 18:05:28 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: Jiri Slaby <jslaby@...e.cz>
Cc: Gen Zhang <blackgod016574@...il.com>, broonie@...nel.org,
lgirdwood@...il.com, perex@...ex.cz, wen.yang99@....com.cn,
alsa-devel@...a-project.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] wcd9335: fix a incorrect use of kstrndup()
On 2019-06-05 06:57:02, Jiri Slaby wrote:
> On 29. 05. 19, 3:53, Gen Zhang wrote:
> > In wcd9335_codec_enable_dec(), 'widget_name' is allocated by kstrndup().
> > However, according to doc: "Note: Use kmemdup_nul() instead if the size
> > is known exactly."
>
> Except the size is not known exactly. It is at most 15, not 15. Right?
That's my understanding, as well. This change looks incorrect/misguided
to me.
CVE-2019-12454 was assigned for this but I've requested that MITRE
reject it as there doesn't seem to be any security impact and possibly
no reason at all for this change.
Tyler
>
> > So we should use kmemdup_nul() here instead of
> > kstrndup().
> >
> > Signed-off-by: Gen Zhang <blackgod016574@...il.com>
> > ---
> > diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
> > index a04a7ce..85737fe 100644
> > --- a/sound/soc/codecs/wcd9335.c
> > +++ b/sound/soc/codecs/wcd9335.c
> > @@ -2734,7 +2734,7 @@ static int wcd9335_codec_enable_dec(struct snd_soc_dapm_widget *w,
> > char *dec;
> > u8 hpf_coff_freq;
> >
> > - widget_name = kstrndup(w->name, 15, GFP_KERNEL);
> > + widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
> > if (!widget_name)
> > return -ENOMEM;
> >
>
> thanks,
> --
> js
> suse labs
Powered by blists - more mailing lists