Patchwork [v2] isdn: avoid copying too long drvid

login
register
mail settings
Submitter Dan Carpenter
Date Nov. 24, 2011, 12:42 p.m.
Message ID <20111124124209.GI3195@mwanda>
Download mbox | patch
Permalink /patch/127499/
State Accepted
Delegated to: David Miller
Headers show

Comments

Dan Carpenter - Nov. 24, 2011, 12:42 p.m.
"cfg->drvid" comes from the user so there is a possibility they
didn't NUL terminate it properly.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: use strnlen() instead of strlen().
David Miller - Nov. 29, 2011, 11:40 p.m.
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 24 Nov 2011 15:42:09 +0300

> "cfg->drvid" comes from the user so there is a possibility they
> didn't NUL terminate it properly.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: use strnlen() instead of strlen().

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
index 1f73d7f..2339d73 100644
--- a/drivers/isdn/i4l/isdn_net.c
+++ b/drivers/isdn/i4l/isdn_net.c
@@ -2756,6 +2756,9 @@  isdn_net_setcfg(isdn_net_ioctl_cfg * cfg)
 			char *c,
 			*e;
 
+			if (strnlen(cfg->drvid, sizeof(cfg->drvid)) ==
+					sizeof(cfg->drvid))
+				return -EINVAL;
 			drvidx = -1;
 			chidx = -1;
 			strcpy(drvid, cfg->drvid);