From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751617AbdBOD1q (ORCPT ); Tue, 14 Feb 2017 22:27:46 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:45450 "EHLO out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751486AbdBOD1n (ORCPT ); Tue, 14 Feb 2017 22:27:43 -0500 X-ME-Sender: X-Sasl-enc: goK2NT6+IpGvBI5xK38REyhVSXnb06ERq+SAZ7Yf89kk 1487129261 From: "Tobin C. Harding" To: Thomas Petazzoni , noralf@tronnes.org Cc: Greg Kroah-Hartman , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, "Tobin C. Harding" Subject: [PATCH v2 0/3] staging: fbtft: Fix buffer overflow vulnerability Date: Wed, 15 Feb 2017 14:27:22 +1100 Message-Id: <1487129245-24970-1-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Module copies a user supplied string (module parameter) into a buffer using strncpy() and does not check that the buffer is null terminated. Replace call to strncpy() with call to strlcpy() ensuring that the buffer is null terminated. Replace magic number with pre-existing compile time constant. Check return value of call to strlcpy() and throw warning if source string is truncated. v1 was a single patch. v2 adds 2 extra patches while retaining the original v1 patch as the first of the series. v2: - Replace magic number - Check return value of call to strlcpy() Tobin C. Harding (3): staging: fbtft: Fix buffer overflow vulnerability staging: fbtft: Replace magic number with constant staging: fbtft: Add check on strlcpy() return value drivers/staging/fbtft/fbtft_device.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) -- 2.7.4