Google Git
Sign in
kernel / pub / scm / linux / kernel / git / kvalo / ath / e48d661eb13f2f83861428f001c567fdb3f317e8
commite48d661eb13f2f83861428f001c567fdb3f317e8[log] [tgz]
authorKees Cook <keescook@chromium.org>Fri May 05 15:38:41 2017 -0700
committerKalle Valo <kvalo@codeaurora.org>Mon May 22 18:27:22 2017 +0300
tree3a588ae021bfe8b63c907818ca2c06510a905e34
parent0aeffa7041d84976432e903cb04e8d7b0edf31ed [diff]
ray_cs: Avoid reading past end of buffer

Using memcpy() from a buffer that is shorter than the length copied means
the destination buffer is being filled with arbitrary data from the kernel
rodata segment. In this case, the source was made longer, since it did not
match the destination structure size. Additionally removes a needless cast.

This was found with the future CONFIG_FORTIFY_SOURCE feature.

Cc: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
1 file changed
tree: 3a588ae021bfe8b63c907818ca2c06510a905e34
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README