| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20231211160221.2843339-1-hardevsinh.palaniya@siliconsignals.io>
Date: Mon, 11 Dec 2023 21:32:20 +0530
From: Hardevsinh Palaniya <hardevsinh.palaniya@...iconsignals.io>
To: agross@...nel.org, andersson@...nel.org
Cc: hardevsinh.palaniya@...iconsignals.io,
Konrad Dybcio <konrad.dybcio@...aro.org>,
Mathieu Poirier <mathieu.poirier@...aro.org>,
linux-arm-msm@...r.kernel.org, linux-remoteproc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] rpmsg: glink: Fix buffer overflow
In qcom_glink_send_open_req() remove error: strcpy() 'channel->name'
too large for 'req.name' (1010102 vs 32)
Signed-off-by: Hardevsinh Palaniya <hardevsinh.palaniya@...iconsignals.io>
diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c
index 82d460ff4777..2d6a592e1c72 100644
--- a/drivers/rpmsg/qcom_glink_native.c
+++ b/drivers/rpmsg/qcom_glink_native.c
@@ -479,7 +479,7 @@ static int qcom_glink_send_open_req(struct qcom_glink *glink,
req.msg.cmd = cpu_to_le16(GLINK_CMD_OPEN);
req.msg.param1 = cpu_to_le16(channel->lcid);
req.msg.param2 = cpu_to_le32(name_len);
- strcpy(req.name, channel->name);
+ strscpy_pad(req.name, channel->name, sizeof(req.name));
ret = qcom_glink_tx(glink, &req, req_len, NULL, 0, true);
if (ret)
--
2.25.1
Powered by blists - more mailing lists