Re: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Bui Quang Minh <minhquangbui99@xxxxxxxxx>
Subject: Re: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated
From: Heiko Carstens <hca@xxxxxxxxxxxxx>
Date: Wed, 24 Apr 2024 16:54:05 +0200
Cc: Jesse Brandeburg <jesse.brandeburg@xxxxxxxxx>, Tony Nguyen <anthony.l.nguyen@xxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, Jakub Kicinski <kuba@xxxxxxxxxx>, Paolo Abeni <pabeni@xxxxxxxxxx>, Paul M Stillwell Jr <paul.m.stillwell.jr@xxxxxxxxx>, Rasesh Mody <rmody@xxxxxxxxxxx>, Sudarsana Kalluru <skalluru@xxxxxxxxxxx>, GR-Linux-NIC-Dev@xxxxxxxxxxx, Anil Gurumurthy <anil.gurumurthy@xxxxxxxxxx>, Sudarsana Kalluru <sudarsana.kalluru@xxxxxxxxxx>, "James E.J. Bottomley" <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>, Fabian Frederick <fabf@xxxxxxxxx>, Saurav Kashyap <skashyap@xxxxxxxxxxx>, GR-QLogic-Storage-Upstream@xxxxxxxxxxx, Nilesh Javali <nilesh.javali@xxxxxxxxxx>, Arun Easi <arun.easi@xxxxxxxxxx>, Manish Rangankar <manish.rangankar@xxxxxxxxxx>, Vineeth Vijayan <vneethv@xxxxxxxxxxxxx>, Peter Oberparleiter <oberpar@xxxxxxxxxxxxx>, Vasily Gorbik <gor@xxxxxxxxxxxxx>, Alexander Gordeev <agordeev@xxxxxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxxxxx>, Sven Schnelle <svens@xxxxxxxxxxxxx>, Sunil Goutham <sgoutham@xxxxxxxxxxx>, Linu Cherian <lcherian@xxxxxxxxxxx>, Geetha sowjanya <gakula@xxxxxxxxxxx>, Jerin Jacob <jerinj@xxxxxxxxxxx>, hariprasad <hkelam@xxxxxxxxxxx>, Subbaraya Sundeep <sbhatta@xxxxxxxxxxx>, intel-wired-lan@xxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-scsi@xxxxxxxxxxxxxxx, Saurav Kashyap <saurav.kashyap@xxxxxxxxxx>, linux-s390@xxxxxxxxxxxxxxx, Jens Axboe <axboe@xxxxxxxxx>
In-reply-to: <20240424-fix-oob-read-v2-5-f1f1b53a10f4@gmail.com>
References: <20240424-fix-oob-read-v2-0-f1f1b53a10f4@gmail.com> <20240424-fix-oob-read-v2-5-f1f1b53a10f4@gmail.com>

On Wed, Apr 24, 2024 at 09:44:22PM +0700, Bui Quang Minh wrote:
> Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from
> userspace to that buffer. Later, we use scanf on this buffer but we don't
> ensure that the string is terminated inside the buffer, this can lead to
> OOB read when using scanf. Fix this issue by using memdup_user_nul instead.
> 
> Fixes: a4f17cc72671 ("s390/cio: add CRW inject functionality")
> Signed-off-by: Bui Quang Minh <minhquangbui99@xxxxxxxxx>
> ---
>  drivers/s390/cio/cio_inject.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Heiko Carstens <hca@xxxxxxxxxxxxx>

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

References:
- [PATCH v2 0/6] Ensure the copied buf is NUL terminated
  - From: Bui Quang Minh
- [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated
  - From: Bui Quang Minh

Prev by Date: [PATCH v2 6/6] octeontx2-af: avoid off-by-one read from userspace
Next by Date: Re: [PATCH V2 04/19] math64: Tidy mul_u64_u32_shr()
Previous by thread: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated
Next by thread: Re: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Development] [Kernel Newbies] [IDE] [Security] [Git] [Netfilter] [Bugtraq] [Yosemite Info] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Linux ATA RAID] [Samba] [Linux Media] [Device Mapper]