[1/1] drivers/net/irda/irda-usb.c: fix buffer overflow

Message ID	200901132130.n0DLUsjq014237@imap1.linux-foundation.org
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-Id: <200901132130.n0DLUsjq014237@imap1.linux-foundation.org> Subject: [patch 1/1] drivers/net/irda/irda-usb.c: fix buffer overflow To: davem@davemloft.net Cc: netdev@vger.kernel.org, akpm@linux-foundation.org, josevteg@gmail.com, linville@tuxdriver.com, samuel@sortiz.org, stable@kernel.org From: akpm@linux-foundation.org Date: Tue, 13 Jan 2009 13:30:54 -0800 Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

200901132130.n0DLUsjq014237@imap1.linux-foundation.org

State

Accepted, archived

Delegated to:

David Miller

Headers

Message-Id: <200901132130.n0DLUsjq014237@imap1.linux-foundation.org>
Subject: [patch 1/1] drivers/net/irda/irda-usb.c: fix buffer overflow
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, akpm@linux-foundation.org,
	josevteg@gmail.com, linville@tuxdriver.com, samuel@sortiz.org,
	stable@kernel.org
From: akpm@linux-foundation.org
Date: Tue, 13 Jan 2009 13:30:54 -0800
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Andrew Morton Jan. 13, 2009, 9:30 p.m. UTC

From: Jos-Vicente Gilabert <josevteg@gmail.com>

Taken from http://bugzilla.kernel.org/show_bug.cgi?id=12397

We're doing an sprintf of an 11-char string into an 11-char buffer. 
Whoops.  It breaks firmware uploading.

Reported-by: Jos-Vicente Gilabert <josevteg@gmail.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Samuel Ortiz <samuel@sortiz.org>
Cc: "John W. Linville" <linville@tuxdriver.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 drivers/net/irda/irda-usb.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

David Miller Jan. 15, 2009, 4:55 a.m. UTC | #1

From: akpm@linux-foundation.org
Date: Tue, 13 Jan 2009 13:30:54 -0800

> From: Jos-Vicente Gilabert <josevteg@gmail.com>
> 
> Taken from http://bugzilla.kernel.org/show_bug.cgi?id=12397
> 
> We're doing an sprintf of an 11-char string into an 11-char buffer. 
> Whoops.  It breaks firmware uploading.
> 
> Reported-by: Jos-Vicente Gilabert <josevteg@gmail.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Patch applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff -puN drivers/net/irda/irda-usb.c~drivers-net-irda-irda-usbc-fix-buffer-overflow drivers/net/irda/irda-usb.c
--- a/drivers/net/irda/irda-usb.c~drivers-net-irda-irda-usbc-fix-buffer-overflow
+++ a/drivers/net/irda/irda-usb.c
@@ -1073,7 +1073,7 @@  static int stir421x_patch_device(struct 
 {
 	unsigned int i;
 	int ret;
-	char stir421x_fw_name[11];
+	char stir421x_fw_name[12];
 	const struct firmware *fw;
 	const unsigned char *fw_version_ptr; /* pointer to version string */
 	unsigned long fw_version = 0;