lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Aug 2019 17:57:33 -0700 (PDT) From: David Miller <davem@...emloft.net> To: xywang.sjtu@...u.edu.cn Cc: aelior@...vell.com, GR-everest-linux-l2@...vell.com, netdev@...r.kernel.org Subject: Re: [PATCH] net/ethernet/qlogic/qed: force the string buffer NULL-terminated From: Wang Xiayang <xywang.sjtu@...u.edu.cn> Date: Wed, 31 Jul 2019 16:15:42 +0800 > strncpy() does not ensure NULL-termination when the input string > size equals to the destination buffer size 30. > The output string is passed to qed_int_deassertion_aeu_bit() > which calls DP_INFO() and relies NULL-termination. > > Use strlcpy instead. The other conditional branch above strncpy() > needs no fix as snprintf() ensures NULL-termination. > > This issue is identified by a Coccinelle script. > > Signed-off-by: Wang Xiayang <xywang.sjtu@...u.edu.cn> Applied.
Powered by blists - more mailing lists