Re: [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Bui Quang Minh <minhquangbui99@xxxxxxxxx>
Subject: Re: [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated
From: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>
Date: Mon, 06 May 2024 21:20:05 -0400
Cc: Jesse Brandeburg <jesse.brandeburg@xxxxxxxxx>, Tony Nguyen <anthony.l.nguyen@xxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, Jakub Kicinski <kuba@xxxxxxxxxx>, Paolo Abeni <pabeni@xxxxxxxxxx>, Paul M Stillwell Jr <paul.m.stillwell.jr@xxxxxxxxx>, Rasesh Mody <rmody@xxxxxxxxxxx>, Sudarsana Kalluru <skalluru@xxxxxxxxxxx>, GR-Linux-NIC-Dev@xxxxxxxxxxx, Anil Gurumurthy <anil.gurumurthy@xxxxxxxxxx>, Sudarsana Kalluru <sudarsana.kalluru@xxxxxxxxxx>, "James E.J. Bottomley" <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>, Fabian Frederick <fabf@xxxxxxxxx>, Saurav Kashyap <skashyap@xxxxxxxxxxx>, GR-QLogic-Storage-Upstream@xxxxxxxxxxx, Nilesh Javali <nilesh.javali@xxxxxxxxxx>, Arun Easi <arun.easi@xxxxxxxxxx>, Manish Rangankar <manish.rangankar@xxxxxxxxxx>, Vineeth Vijayan <vneethv@xxxxxxxxxxxxx>, Peter Oberparleiter <oberpar@xxxxxxxxxxxxx>, Heiko Carstens <hca@xxxxxxxxxxxxx>, Vasily Gorbik <gor@xxxxxxxxxxxxx>, Alexander Gordeev <agordeev@xxxxxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxxxxx>, Sven Schnelle <svens@xxxxxxxxxxxxx>, Sunil Goutham <sgoutham@xxxxxxxxxxx>, Linu Cherian <lcherian@xxxxxxxxxxx>, Geetha sowjanya <gakula@xxxxxxxxxxx>, Jerin Jacob <jerinj@xxxxxxxxxxx>, hariprasad <hkelam@xxxxxxxxxxx>, Subbaraya Sundeep <sbhatta@xxxxxxxxxxx>, intel-wired-lan@xxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-scsi@xxxxxxxxxxxxxxx, Saurav Kashyap <saurav.kashyap@xxxxxxxxxx>, linux-s390@xxxxxxxxxxxxxxx, Jens Axboe <axboe@xxxxxxxxx>
In-reply-to: <20240424-fix-oob-read-v2-4-f1f1b53a10f4@gmail.com> (Bui Quang Minh's message of "Wed, 24 Apr 2024 21:44:21 +0700")
Organization: Oracle Corporation

Bui,

> Currently, we allocate a count-sized kernel buffer and copy count from
> userspace to that buffer. Later, we use kstrtouint on this buffer but we
> don't ensure that the string is terminated inside the buffer, this can
> lead to OOB read when using kstrtouint. Fix this issue by using
> memdup_user_nul instead of memdup_user.

Applied to 6.10/scsi-staging, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

References:
- [PATCH v2 0/6] Ensure the copied buf is NUL terminated
  - From: Bui Quang Minh
- [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated
  - From: Bui Quang Minh

Prev by Date: Re: [PATCH v2 3/6] bfa: ensure the copied buf is NUL terminated
Next by Date: Re: [PATCH] qla2xxx: Fix debugfs output for fw_resource_count
Previous by thread: [PATCH v2 4/6] qedf: ensure the copied buf is NUL terminated
Next by thread: [PATCH v2 5/6] cio: ensure the copied buf is NUL terminated
Index(es):
- Date
- Thread

[Index of Archives] [SCSI Target Devel] [Linux SCSI Target Infrastructure] [Kernel Newbies] [IDE] [Security] [Git] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Linux ATA RAID] [Linux IIO] [Samba] [Device Mapper]