| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230604131215.78847-1-andriy.shevchenko@linux.intel.com>
Date: Sun, 4 Jun 2023 16:12:14 +0300
From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
linux-gpio@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: Linus Walleij <linus.walleij@...aro.org>
Subject: [PATCH v1 1/2] pinctrl: Duplicate user memory in one go in pinmux_select()
Current code is suboptimal in three ways:
1) it explicitly terminates the string which is not needed;
2) it might provoke additional faults, because asked lenght might be
bigger than the real one;
3) it consumes more than needed lines in the source.
Instead of using kmalloc() + strncpy_from_user() + terminating, just
utilize memdup_user_nul().
Signed-off-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
---
drivers/pinctrl/pinmux.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/drivers/pinctrl/pinmux.c b/drivers/pinctrl/pinmux.c
index 021382632608..2d2f3bd164d5 100644
--- a/drivers/pinctrl/pinmux.c
+++ b/drivers/pinctrl/pinmux.c
@@ -692,14 +692,9 @@ static ssize_t pinmux_select(struct file *file, const char __user *user_buf,
if (len > PINMUX_SELECT_MAX)
return -ENOMEM;
- buf = kzalloc(PINMUX_SELECT_MAX, GFP_KERNEL);
- if (!buf)
- return -ENOMEM;
-
- ret = strncpy_from_user(buf, user_buf, PINMUX_SELECT_MAX);
- if (ret < 0)
- goto exit_free_buf;
- buf[len-1] = '\0';
+ buf = memdup_user_nul(user_buf, len);
+ if (IS_ERR(buf))
+ return PTR_ERR(buf);
/* remove leading and trailing spaces of input buffer */
gname = strstrip(buf);
--
2.40.0.1.gaa8946217a0b
Powered by blists - more mailing lists