Re: ray_cs: Avoid reading past end of buffer

From: Kalle Valo
Date: Mon May 22 2017 - 11:28:02 EST

Next message: Juergen Gross: "Re: [Xen-devel] [PATCH 2/2] xen: add sysfs node for guest type"
Previous message: Kalle Valo: "Re: [PATCHv4] wlcore: add wl1285 compatible"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> Using memcpy() from a buffer that is shorter than the length copied means
> the destination buffer is being filled with arbitrary data from the kernel
> rodata segment. In this case, the source was made longer, since it did not
> match the destination structure size. Additionally removes a needless cast.
>
> This was found with the future CONFIG_FORTIFY_SOURCE feature.
>
> Cc: Daniel Micay <danielmicay@xxxxxxxxx>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>

Patch applied to wireless-drivers-next.git, thanks.

e48d661eb13f ray_cs: Avoid reading past end of buffer

--
https://patchwork.kernel.org/patch/9714453/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Next message: Juergen Gross: "Re: [Xen-devel] [PATCH 2/2] xen: add sysfs node for guest type"
Previous message: Kalle Valo: "Re: [PATCHv4] wlcore: add wl1285 compatible"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]