diff options
| author | Yihui ZENG <yzeng56@asu.edu> | 2019-10-25 12:31:48 +0300 |
|---|---|---|
| committer | Vasily Gorbik <gor@linux.ibm.com> | 2019-10-31 17:26:48 +0100 |
| commit | b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f (patch) | |
| tree | 84dd3a01c06ab6464064d591b3d03003da9e49e6 /README | |
| parent | d6d5df1db6e9d7f8f76d2911707f7d5877251b02 (diff) | |
s390/cmm: fix information leak in cmm_timeout_handler()
The problem is that we were putting the NUL terminator too far:
buf[sizeof(buf) - 1] = '\0';
If the user input isn't NUL terminated and they haven't initialized the
whole buffer then it leads to an info leak. The NUL terminator should
be:
buf[len - 1] = '\0';
Signed-off-by: Yihui Zeng <yzeng56@asu.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[heiko.carstens@de.ibm.com: keep semantics of how *lenp and *ppos are handled]
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions