| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cdfe3d41-5ea4-c6a8-fbab-4920d08c6303@kernel.org>
Date: Wed, 15 Mar 2023 08:04:16 +0100
From: Krzysztof Kozlowski <krzk@...nel.org>
To: Todd Brandt <todd.e.brandt@...el.com>, linux-input@...r.kernel.org,
linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: todd.e.brandt@...ux.intel.com, srinivas.pandruvada@...ux.intel.com,
jic23@...nel.org, jikos@...nel.org, p.jungkamp@....net
Subject: Re: [PATCH v2] Fix buffer overrun in HID-SENSOR name string
On 13/03/2023 23:06, Todd Brandt wrote:
> On some platforms there are some platform devices created with
> invalid names. For example: "HID-SENSOR-INT-020b?.39.auto" instead
> of "HID-SENSOR-INT-020b.39.auto"
>
> This string include some invalid characters, hence it will fail to
> properly load the driver which will handle this custom sensor. Also
> it is a problem for some user space tools, which parse the device
> names from ftrace and dmesg.
>
> This is because the string, real_usage, is not NULL terminated and
> printed with %s to form device name.
>
> To address this, we initialize the real_usage string with 0s.
>
> Philipp Jungkamp created this fix, I'm simply submitting it. I've
> verified it fixes bugzilla issue 217169
>
> Reported-and-tested-by: Todd Brandt <todd.e.brandt@...ux.intel.com>
> Signed-off-by: Todd Brandt <todd.e.brandt@...el.com>
SoB denotes that you reported this and tested. Otherwise shall we start
adding Reported and Tested tags to all of our commits?
Best regards,
Krzysztof
Powered by blists - more mailing lists