From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Young Xiao <YangX92@hotmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sasha Levin <sashal@kernel.org>,
kgdb-bugreport@lists.sourceforge.net
Subject: [PATCH AUTOSEL 4.4 03/10] Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
Date: Tue, 4 Jun 2019 19:25:24 -0400 [thread overview]
Message-ID: <20190604232532.7953-3-sashal@kernel.org> (raw)
In-Reply-To: <20190604232532.7953-1-sashal@kernel.org>
From: Young Xiao <YangX92@hotmail.com>
[ Upstream commit b281218ad4311a0342a40cb02fb17a363df08b48 ]
There is an out-of-bounds access to "config[len - 1]" array when the
variable "len" is zero.
See commit dada6a43b040 ("kgdboc: fix KASAN global-out-of-bounds bug
in param_set_kgdboc_var()") for details.
Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/kgdbts.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c
index 99635dd9dbac..bb3a76ad80da 100644
--- a/drivers/misc/kgdbts.c
+++ b/drivers/misc/kgdbts.c
@@ -1132,7 +1132,7 @@ static void kgdbts_put_char(u8 chr)
static int param_set_kgdbts_var(const char *kmessage, struct kernel_param *kp)
{
- int len = strlen(kmessage);
+ size_t len = strlen(kmessage);
if (len >= MAX_CONFIG_LEN) {
printk(KERN_ERR "kgdbts: config string too long\n");
@@ -1152,7 +1152,7 @@ static int param_set_kgdbts_var(const char *kmessage, struct kernel_param *kp)
strcpy(config, kmessage);
/* Chop out \n char as a result of echo */
- if (config[len - 1] == '\n')
+ if (len && config[len - 1] == '\n')
config[len - 1] = '\0';
/* Go and configure with the new params. */
--
2.20.1
next prev parent reply other threads:[~2019-06-04 23:25 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-04 23:25 [PATCH AUTOSEL 4.4 01/10] ALSA: seq: Cover unsubscribe_port() in list_mutex Sasha Levin
2019-06-04 23:25 ` [PATCH AUTOSEL 4.4 02/10] driver core: platform: Fix the usage of platform device name(pdev->name) Sasha Levin
2019-06-04 23:25 ` Sasha Levin [this message]
2019-06-04 23:25 ` [PATCH AUTOSEL 4.4 04/10] ipc: prevent lockup on alloc_msg and free_msg Sasha Levin
2019-06-04 23:25 ` [PATCH AUTOSEL 4.4 05/10] scsi: lpfc: add check for loss of ndlp when sending RRQ Sasha Levin
2019-06-04 23:25 ` [PATCH AUTOSEL 4.4 06/10] scsi: bnx2fc: fix incorrect cast to u64 on shift operation Sasha Levin
2019-06-04 23:25 ` [PATCH AUTOSEL 4.4 07/10] usbnet: ipheth: fix racing condition Sasha Levin
2019-06-04 23:25 ` [PATCH AUTOSEL 4.4 08/10] usbnet: fix kernel crash after disconnect Sasha Levin
2019-06-04 23:25 ` [PATCH AUTOSEL 4.4 09/10] KVM: x86/pmu: do not mask the value that is written to fixed PMUs Sasha Levin
2019-06-04 23:25 ` [PATCH AUTOSEL 4.4 10/10] KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION Sasha Levin
2019-06-05 12:14 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190604232532.7953-3-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=YangX92@hotmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=kgdb-bugreport@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.