| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20231116070536.38122-1-shum.sdl@nppct.ru>
Date: Thu, 16 Nov 2023 10:05:36 +0300
From: Andrey Shumilin <shum.sdl@...ct.ru>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>
Cc: Andrey Shumilin <shum.sdl@...ct.ru>, linux-kernel@...r.kernel.org,
khoroshilov@...ras.ru, ykarpov@...ras.ru, vmerzlyakov@...ras.ru,
vefanov@...ras.ru
Subject: [PATCH 2/2] procfs.c: Increasing array size
The maximum size in bytes of the port->base and port->base_hi
variables is 20 bytes per variable, since they are copied in
decimal notation. Two more characters are \t and \n.
A maximum of 42 bytes can be written to a buffer variable.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Andrey Shumilin <shum.sdl@...ct.ru>
---
drivers/parport/procfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c
index bd388560ed59..9b894f7cb581 100644
--- a/drivers/parport/procfs.c
+++ b/drivers/parport/procfs.c
@@ -117,7 +117,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write,
void *result, size_t *lenp, loff_t *ppos)
{
struct parport *port = (struct parport *)table->extra1;
- char buffer[20];
+ char buffer[44];
int len = 0;
if (*ppos) {
--
2.30.2
Powered by blists - more mailing lists