On Sun, Apr 24, 2022 at 10:48 PM Mikulas Patocka <mpatocka@xxxxxxxxxx> wrote: > > If we pass too short string to "hex2bin" (and the string size without the > terminating NUL character is even), "hex2bin" reads one byte after the > terminating NUL character. This patch fixes it. > > Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx You need to provide a Fixes tag. ... > while (count--) { > - int hi = hex_to_bin(*src++); > - int lo = hex_to_bin(*src++); > + int hi, lo; > > - if ((hi < 0) || (lo < 0)) > + hi = hex_to_bin(*src++); > + if (hi < 0) > + return -EINVAL; return hi; > + lo = hex_to_bin(*src++); > + if (lo < 0) > return -EINVAL; return lo; > *dst++ = (hi << 4) | lo; And on top of that it would be nice to understand if we need to support half-bytes, but in any case it's not a scope of the patch right now. -- With Best Regards, Andy Shevchenko -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel