projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ca5af1f)
staging: fbtft: Fix buffer overflow vulnerability
authorTobin C. Harding <me@tobin.cc>
Wed, 15 Feb 2017 03:27:23 +0000 (14:27 +1100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 6 Mar 2017 08:16:59 +0000 (09:16 +0100)
Module copies a user supplied string (module parameter) into a buffer
using strncpy() and does not check that the buffer is null terminated.

Replace call to strncpy() with call to strlcpy() ensuring that the
buffer is null terminated.

Signed-off-by: Tobin C. Harding <me@tobin.cc>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/fbtft/fbtft_device.c patch | blob | blame | history

diff --git a/drivers/staging/fbtft/fbtft_device.c b/drivers/staging/fbtft/fbtft_device.c
index 9ffb9cecc465232afb3a21ba4e06282978052bbe..6b9e8adda984d77a5af756570370245c6258e1bd 100644 (file)
--- a/drivers/staging/fbtft/fbtft_device.c
+++ b/drivers/staging/fbtft/fbtft_device.c
@@ -1483,7 +1483,7 @@ static int __init fbtft_device_init(void)
                        displays[i].pdev->name = name;
                        displays[i].spi = NULL;
                } else {
-                       strncpy(displays[i].spi->modalias, name, SPI_NAME_SIZE);
+                       strlcpy(displays[i].spi->modalias, name, SPI_NAME_SIZE);
                        displays[i].pdev = NULL;
                }
        }