| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250217190404.354574-1-zoo868e@gmail.com>
Date: Tue, 18 Feb 2025 03:04:04 +0800
From: Matt Jan <zoo868e@...il.com>
To: Marc Kleine-Budde <mkl@...gutronix.de>,
Vincent Mailhol <mailhol.vincent@...adoo.fr>,
linux-can@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: Matt Jan <zoo868e@...il.com>,
syzbot+d7d8c418e8317899e88c@...kaller.appspotmail.com
Subject: [PATCH] can: ucan: Correct the size parameter
According to the comment, the size parameter is only required when
@dst is not an array, or when the copy needs to be smaller than
sizeof(@dst). Since the source is a `union ucan_ctl_payload`, the
correct size should be sizeof(union ucan_ctl_payload).
Signed-off-by: Matt Jan <zoo868e@...il.com>
Reported-by: syzbot+d7d8c418e8317899e88c@...kaller.appspotmail.com
Fixes: b3e40fc85735 ("USB: usb_parse_endpoint: ignore reserved bits")
---
drivers/net/can/usb/ucan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/usb/ucan.c b/drivers/net/can/usb/ucan.c
index 39a63b7313a4..1ccef00388ae 100644
--- a/drivers/net/can/usb/ucan.c
+++ b/drivers/net/can/usb/ucan.c
@@ -1533,7 +1533,7 @@ static int ucan_probe(struct usb_interface *intf,
if (ret > 0) {
/* copy string while ensuring zero termination */
strscpy(firmware_str, up->ctl_msg_buffer->raw,
- sizeof(union ucan_ctl_payload) + 1);
+ sizeof(union ucan_ctl_payload));
} else {
strcpy(firmware_str, "unknown");
}
--
2.25.1
Powered by blists - more mailing lists