| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241022165712.8425-1-zichenxie0106@gmail.com>
Date: Tue, 22 Oct 2024 11:57:13 -0500
From: Gax-c <zichenxie0106@...il.com>
To: kuba@...nel.org,
andrew+netdev@...n.ch,
davem@...emloft.net,
edumazet@...gle.com,
pabeni@...hat.com,
petrm@...dia.com,
idosch@...dia.com
Cc: netdev@...r.kernel.org,
zzjas98@...il.com,
chenyuan0y@...il.com,
Zichen Xie <zichenxie0106@...il.com>
Subject: [PATCH] netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
From: Zichen Xie <zichenxie0106@...il.com>
This was found by a static analyzer.
We should not forget the trailing zero after copy_from_user()
if we will further do some string operations, sscanf() in this
case. Adding a trailing zero will ensure that the function
performs properly.
Fixes: c6385c0b67c5 ("netdevsim: Allow reporting activity on nexthop buckets")
Signed-off-by: Zichen Xie <zichenxie0106@...il.com>
---
drivers/net/netdevsim/fib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/netdevsim/fib.c b/drivers/net/netdevsim/fib.c
index 41e80f78b316..dbb11cd46a86 100644
--- a/drivers/net/netdevsim/fib.c
+++ b/drivers/net/netdevsim/fib.c
@@ -1377,10 +1377,11 @@ static ssize_t nsim_nexthop_bucket_activity_write(struct file *file,
if (pos != 0)
return -EINVAL;
- if (size > sizeof(buf))
+ if (size > sizeof(buf) - 1)
return -EINVAL;
if (copy_from_user(buf, user_buf, size))
return -EFAULT;
+ buf[size] = 0;
if (sscanf(buf, "%u %hu", &nhid, &bucket_index) != 2)
return -EINVAL;
--
2.34.1
Powered by blists - more mailing lists