]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commit
s390/cmm: fix information leak in cmm_timeout_handler()
authorYihui ZENG <yzeng56@asu.edu>
Fri, 25 Oct 2019 09:31:48 +0000 (12:31 +0300)
committerVasily Gorbik <gor@linux.ibm.com>
Thu, 31 Oct 2019 16:26:48 +0000 (17:26 +0100)
commitb8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f
tree84dd3a01c06ab6464064d591b3d03003da9e49e6
parentd6d5df1db6e9d7f8f76d2911707f7d5877251b02
s390/cmm: fix information leak in cmm_timeout_handler()

The problem is that we were putting the NUL terminator too far:

buf[sizeof(buf) - 1] = '\0';

If the user input isn't NUL terminated and they haven't initialized the
whole buffer then it leads to an info leak.  The NUL terminator should
be:

buf[len - 1] = '\0';

Signed-off-by: Yihui Zeng <yzeng56@asu.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[heiko.carstens@de.ibm.com: keep semantics of how *lenp and *ppos are handled]
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
arch/s390/mm/cmm.c