Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_kernel_samsung_gta4xl / c2d34a41a30021d6947d93dee2373e98416296b8
commitc2d34a41a30021d6947d93dee2373e98416296b8[log] [tgz]
authorBui Quang Minh <minhquangbui99@gmail.com>Wed Apr 24 21:44:21 2024 +0700
committerVegard Nossum <vegard.nossum@oracle.com>Mon Jul 08 08:14:58 2024 +0000
tree648bb4acab79ccf220802acdfc33f11500e98cbb
parent2461969d18d1b3a8ca40c5203819221813d2fa47 [diff]
scsi: qedf: Ensure the copied buf is NUL terminated

[ Upstream commit d0184a375ee797eb657d74861ba0935b6e405c62 ]

Currently, we allocate a count-sized kernel buffer and copy count from
userspace to that buffer. Later, we use kstrtouint on this buffer but we
don't ensure that the string is terminated inside the buffer, this can
lead to OOB read when using kstrtouint. Fix this issue by using
memdup_user_nul instead of memdup_user.

Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Link: https://lore.kernel.org/r/20240424-fix-oob-read-v2-4-f1f1b53a10f4@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1f84a2744ad813be23fc4be99fb74bfb24aadb95)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
1 file changed
tree: 648bb4acab79ccf220802acdfc33f11500e98cbb
  1. .elts/
  2. arch/
  3. block/
  4. certs/
  5. crypto/
  6. Documentation/
  7. drivers/
  8. firmware/
  9. fs/
  10. include/
  11. init/
  12. ipc/
  13. kernel/
  14. lib/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README