octeontx2-af: avoid off-by-one read from userspace (f299ee70) · Commits · CodeLinaro / qsdk / kvalo / ath

Commit f299ee70 authored 10 months ago by Bui Quang Minh Committed by Jakub Kicinski 10 months ago

We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.

Fixes: 3a2eb515 ("octeontx2-af: Fix an off by one in rvu_dbg_qsize_write()")
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Link: https://lore.kernel.org/r/20240424-fix-oob-read-v2-6-f1f1b53a10f4@gmail.com

Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 8c34096c

No related branches found

No related tags found

No related merge requests found

Showing with 1 addition and 3 deletions

Please register or to comment