Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

staging: comedi: fix infoleak to userspace

driver_name and board_name are pointers to strings, not buffers of size
COMEDI_NAMELEN.  Copying COMEDI_NAMELEN bytes of a string containing
less than COMEDI_NAMELEN-1 bytes would leak some unrelated bytes.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Vasiliy Kulikov 14 years ago
parent
85678d5d27
commit
819cbb120e
1 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 2 2
      drivers/staging/comedi/comedi_fops.c

+ 2 - 2
drivers/staging/comedi/comedi_fops.c
View File 

@@ -383,8 +383,8 @@ static int do_devinfo_ioctl(struct comedi_device *dev,
 
 	/* fill devinfo structure */
 
 	devinfo.version_code = COMEDI_VERSION_CODE;
 
 	devinfo.n_subdevs = dev->n_subdevices;
 
-	memcpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
 
-	memcpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
 
+	strlcpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
 
+	strlcpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
 
 
 	if (read_subdev)
 
 		devinfo.read_subdevice = read_subdev - dev->subdevices;