"cfg->drvid" comes from the user so there is a possibility they didn't NUL terminate it properly. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> --- v2: use strnlen() instead of strlen(). diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c index 1f73d7f..2339d73 100644 --- a/drivers/isdn/i4l/isdn_net.c +++ b/drivers/isdn/i4l/isdn_net.c @@ -2756,6 +2756,9 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg) char *c, *e; + if (strnlen(cfg->drvid, sizeof(cfg->drvid)) == + sizeof(cfg->drvid)) + return -EINVAL; drvidx = -1; chidx = -1; strcpy(drvid, cfg->drvid);
Attachment:
signature.asc
Description: Digital signature