diff options
| author | Gavin Schenk <[email protected]> | 2018-02-14 15:25:02 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <[email protected]> | 2018-03-15 18:07:46 +0100 |
| commit | f87deada80fe483e2286e29cd866dc66ddc2b6bc (patch) | |
| tree | bcc1c18916e587af9591a24bea3663d589ac5bd8 | |
| parent | 3ba9faedc180097805613dac7a866432852cc4e5 (diff) | |
siox: fix possible buffer overflow in device_add_store
Width 20 given in format string is larger than destination
buffer 'type[20]', use %19s to prevent overflowing it.
Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX")
Cc: stable <[email protected]>
Reported-by: David Binderman <[email protected]>
Signed-off-by: Gavin Schenk <[email protected]>
Reviewed-by: Uwe Kleine-König <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
| -rw-r--r-- | drivers/siox/siox-core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/siox/siox-core.c b/drivers/siox/siox-core.c index fdfcdea25867..16590dfaafa4 100644 --- a/drivers/siox/siox-core.c +++ b/drivers/siox/siox-core.c @@ -594,7 +594,7 @@ static ssize_t device_add_store(struct device *dev, size_t inbytes = 0, outbytes = 0; u8 statustype = 0; - ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes, + ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes, &outbytes, &statustype); if (ret != 3 && ret != 4) return -EINVAL; |