From 2d5b2bfaebea3592ddeb736eb3a7aac620a06600 Mon Sep 17 00:00:00 2001 From: Sam Liddicott Date: Tue, 7 Jan 2014 09:21:53 -0800 Subject: [PATCH] ANDROID: xt_quota2: remove trailing junk which might have a digit in it Make sure string only contains the characters specified by userspace. Fix cherry-picked from xtables-extensions project Signed-off-by: Sam Liddicott Mot-CRs-fixed: (CR) CVE-Fixed: CVE-2021-0961 Bug: 196046570 Test: passed netd test suites Fixes: 10cda83af99d ("ANDROID: netfilter: xt_quota2: adding the original quota2 from xtables-addons") Signed-off-by: Todd Kjos (cherry picked from https://git.code.sf.net/p/xtables-addons/xtables-addons bc2bcc383c70b293bd816c29523a952ca8736fb5) Change-Id: I965448564906e5fbf0fe6d6414f44d9e257ea195 Signed-off-by: Gajjala Chakradhar Reviewed-on: https://gerrit.mot.com/2123622 SLTApproved: Slta Waiver SME-Granted: SME Approvals Granted Tested-by: Jira Key Reviewed-by: Xiangpo Zhao Submit-Approved: Jira Key (cherry picked from commit 625eb505d4c123adcc699c2a73aeec1390adf03c) --- net/netfilter/xt_quota2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netfilter/xt_quota2.c b/net/netfilter/xt_quota2.c index 24b774263aa6..75afbe20d0cb 100644 --- a/net/netfilter/xt_quota2.c +++ b/net/netfilter/xt_quota2.c @@ -162,6 +162,8 @@ static ssize_t quota_proc_write(struct file *file, const char __user *input, if (copy_from_user(buf, input, size) != 0) return -EFAULT; buf[sizeof(buf)-1] = '\0'; + if (size < sizeof(buf)) + buf[size] = '\0'; spin_lock_bh(&e->lock); e->quota = simple_strtoull(buf, NULL, 0); -- 2.20.1