lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20231017182026.2141163-1-danielmentz@google.com>
Date:   Tue, 17 Oct 2023 11:20:26 -0700
From:   Daniel Mentz <danielmentz@...gle.com>
To:     linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     Tomas Winkler <tomas.winkler@...el.com>,
        Avri Altman <avri.altman@....com>,
        "Martin K . Petersen" <martin.petersen@...cle.com>,
        Daniel Mentz <danielmentz@...gle.com>,
        Mars Cheng <marscheng@...gle.com>,
        Bart Van Assche <bvanassche@....org>,
        Yen-lin Lai <yenlinlai@...gle.com>
Subject: [PATCH] scsi: ufs: Leave space for '\0' in utf8 desc string

utf16s_to_utf8s does not NULL terminate the output string. For us to be
able to add a NULL character when utf16s_to_utf8s returns, we need to
make sure that there is space for such NULL character at the end of the
output buffer. We can achieve this by passing an output buffer size to
utf16s_to_utf8s that is one character less than what we allocated.

Other call sites of utf16s_to_utf8s appear to be using the same
technique where they artificially reduce the buffer size by one to leave
space for a NULL character or line feed character.

Fixes: 4b828fe156a6 ("scsi: ufs: revamp string descriptor reading")
Reviewed-by: Mars Cheng <marscheng@...gle.com>
Reviewed-by: Bart Van Assche <bvanassche@....org>
Reviewed-by: Yen-lin Lai <yenlinlai@...gle.com>
Signed-off-by: Daniel Mentz <danielmentz@...gle.com>
---
 drivers/ufs/core/ufshcd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index 8382e8cfa414..5767642982c1 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -3632,7 +3632,7 @@ int ufshcd_read_string_desc(struct ufs_hba *hba, u8 desc_index,
 		 */
 		ret = utf16s_to_utf8s(uc_str->uc,
 				      uc_str->len - QUERY_DESC_HDR_SIZE,
-				      UTF16_BIG_ENDIAN, str, ascii_len);
+				      UTF16_BIG_ENDIAN, str, ascii_len - 1);
 
 		/* replace non-printable or non-ASCII characters with spaces */
 		for (i = 0; i < ret; i++)
-- 
2.42.0.655.g421f12c284-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ