| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250923153906.1751813-3-beanhuo@iokpp.de>
Date: Tue, 23 Sep 2025 17:39:05 +0200
From: Bean Huo <beanhuo@...pp.de>
To: avri.altman@....com,
bvanassche@....org,
alim.akhtar@...sung.com,
jejb@...ux.ibm.com,
martin.petersen@...cle.com,
can.guo@....qualcomm.com,
ulf.hansson@...aro.org,
beanhuo@...ron.com,
jens.wiklander@...aro.org
Cc: linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v1 2/3] scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc()
From: Bean Huo <beanhuo@...ron.com>
The function ufshcd_read_string_desc() was duplicating memory starting
from the beginning of struct uc_string_id, which included the length
and type fields. As a result, the allocated buffer contained unwanted
metadata in addition to the string itself.
The correct behavior is to duplicate only the Unicode character array in
the structure. Update the code so that only the actual string content is
copied into the new buffer.
Signed-off-by: Bean Huo <beanhuo@...ron.com>
---
drivers/ufs/core/ufshcd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index 2e1fa8cf83f5..79c7588be28a 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -3823,7 +3823,7 @@ int ufshcd_read_string_desc(struct ufs_hba *hba, u8 desc_index,
str[ret++] = '\0';
} else {
- str = kmemdup(uc_str, uc_str->len, GFP_KERNEL);
+ str = kmemdup(uc_str->uc, uc_str->len, GFP_KERNEL);
if (!str) {
ret = -ENOMEM;
goto out;
--
2.34.1
Powered by blists - more mailing lists