On Mon, 06 Nov 2023 17:04:33 +0300, Dan Carpenter wrote:
> There are two bugs in this code:
> 1) If count is zero, then it will lead to a NULL dereference. The
>    kmalloc() will successfully allocate zero bytes and the test for
>    "if (buf[0] == '-')" will read beyond the end of the zero size buffer
>    and Oops.
> 2) The code does not ensure that the user's string is properly NUL
>    terminated which could lead to a read overflow.
>
> [...]

Applied to 6.7/scsi-fixes, thanks!

[1/2] scsi: scsi_debug: scsi: scsi_debug: fix some bugs in sdebug_error_write()
      https://git.kernel.org/mkp/scsi/c/860c3d03bbc3
[2/2] scsi: scsi_debug: delete some bogus error checking
      https://git.kernel.org/mkp/scsi/c/037fbd3fcfbd

--
Martin K. Petersen	Oracle Linux Engineering
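
The two bugs described in the quoted commit message, modelled in userspace C as an added example (not part of this message and not the scsi_debug source). `parse_unsafe`, `parse_safe`, `struct cmd`, `MAX_LINE` and the "optional '-' then a number" input format are assumptions made for illustration, with `malloc`/`memcpy` standing in for `kmalloc()`/`copy_from_user()`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_LINE 64                      /* assumed upper bound on one write */
struct cmd { int remove; long value; };  /* hypothetical parsed result */

/* "Before" pattern: no zero-length check, no terminator. Only safe when the
 * caller passes count > 0 and the bytes already include a '\0'. */
int parse_unsafe(const char *ubuf, size_t count, struct cmd *out)
{
    char *buf = malloc(count);           /* models kmalloc(count, ...) */
    if (!buf)
        return -ENOMEM;
    memcpy(buf, ubuf, count);            /* models copy_from_user() */
    out->remove = (buf[0] == '-');       /* count == 0: read past the buffer */
    out->value = strtol(buf + out->remove, NULL, 10); /* no NUL: read overflow */
    free(buf);
    return 0;
}

/* Hardened pattern: reject empty writes, allocate count + 1, terminate. */
int parse_safe(const char *ubuf, size_t count, struct cmd *out)
{
    char *buf, *start, *end;
    int bad;
    if (count == 0 || count > MAX_LINE)
        return -EINVAL;
    buf = malloc(count + 1);
    if (!buf)
        return -ENOMEM;
    memcpy(buf, ubuf, count);
    buf[count] = '\0';                   /* parsing can no longer leave buf */
    out->remove = (buf[0] == '-');
    start = buf + out->remove;
    errno = 0;
    out->value = strtol(start, &end, 10);
    bad = (end == start) || errno != 0;  /* no digits, or out of range */
    free(buf);
    return bad ? -EINVAL : 0;
}

int main(void)
{
    const char raw[3] = { '-', '4', '2' };   /* constructed input, no '\0' */
    struct cmd c = { 0, 0 };
    int rc = parse_safe(raw, sizeof(raw), &c);
    printf("rc=%d remove=%d value=%ld\n", rc, c.remove, c.value);
    return 0;
}
```

In kernel code the copy-and-terminate step is available as a single helper, `memdup_user_nul()`.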