| From foo@baz Mon Apr 9 17:09:24 CEST 2018 |
| From: Kees Cook <keescook@chromium.org> |
| Date: Fri, 5 May 2017 15:25:32 -0700 |
| Subject: bna: Avoid reading past end of buffer |
| |
| From: Kees Cook <keescook@chromium.org> |
| |
| |
| [ Upstream commit 9e4eb1ce472fbf7b007f23c88ec11c37265e401c ] |
| |
| Using memcpy() from a string that is shorter than the length copied means |
| the destination buffer is being filled with arbitrary data from the kernel |
| rodata segment. Instead, use strncpy() which will fill the trailing bytes |
| with zeros. |
| |
| This was found with the future CONFIG_FORTIFY_SOURCE feature. |
| |
| Cc: Daniel Micay <danielmicay@gmail.com> |
| Signed-off-by: Kees Cook <keescook@chromium.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/net/ethernet/brocade/bna/bfa_ioc.c |
| +++ b/drivers/net/ethernet/brocade/bna/bfa_ioc.c |
| @@ -2845,7 +2845,7 @@ bfa_ioc_get_adapter_optrom_ver(struct bf |
| static void |
| bfa_ioc_get_adapter_manufacturer(struct bfa_ioc *ioc, char *manufacturer) |
| { |
| - memcpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN); |
| + strncpy(manufacturer, BFA_MFG_NAME, BFA_ADAPTER_MFG_NAME_LEN); |
| } |
| |
| static void |