diff options
author | Len Baker <[email protected]> | 2021-08-17 12:27:09 +0200 |
---|---|---|
committer | Steve French <[email protected]> | 2021-08-25 15:42:15 -0500 |
commit | f980d055a0f858d73d9467bb0b570721bbfcdfb8 (patch) | |
tree | 4a7aaeadc83db7840b04621951e548548ec10a2d /drivers/platform/surface/aggregator/ssh_parser.c | |
parent | e22ce8eb631bdc47a4a4ea7ecf4e4ba499db4f93 (diff) |
CIFS: Fix a potencially linear read overflow
strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated.
Also, the strnlen() call does not avoid the read overflow in the strlcpy
function when a not NUL-terminated string is passed.
So, replace this block by a call to kstrndup() that avoids this type of
overflow and does the same.
Fixes: 066ce6899484d ("cifs: rename cifs_strlcpy_to_host and make it use new functions")
Signed-off-by: Len Baker <[email protected]>
Reviewed-by: Paulo Alcantara (SUSE) <[email protected]>
Reviewed-by: Jeff Layton <[email protected]>
Signed-off-by: Steve French <[email protected]>
Diffstat (limited to 'drivers/platform/surface/aggregator/ssh_parser.c')
0 files changed, 0 insertions, 0 deletions