Kees Cook <keescook@xxxxxxxxxxxx> wrote: > Using memcpy() from a string that is shorter than the length copied means > the destination buffer is being filled with arbitrary data from the kernel > rodata segment. Instead, redefine the stat strings to be ETH_GSTRING_LEN > sizes, like other drivers. This lets us use a single memcpy that does not > leak rodata contents. Additionally adjust indentation to keep checkpatch.pl > happy. > > This was found with the future CONFIG_FORTIFY_SOURCE feature. > > Cc: Daniel Micay <danielmicay@xxxxxxxxx> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Patch applied to wireless-drivers-next.git, thanks. 12e3c0433e8a libertas: Avoid reading past end of buffer -- https://patchwork.kernel.org/patch/9727997/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
