On Tue, Jul 14, 2020 at 10:33 AM Lee Jones <[email protected]> wrote: > > Currently the 'c2dev' device data is not zeroed when its allocated. > Coupled with the fact strncpy() *may not* provide a NUL terminator > means that a 1-byte leak would be possible *if* this was ever copied > to userspace. > > To prevent such a failing, let's first ensure the 'c2dev' device data > area is fully zeroed out and ensure the buffer will always be NUL > terminated by using the kernel's strscpy() which a) uses the > destination (instead of the source) size as the bytes to copy and b) > is *always* NUL terminated. > > Cc: Rodolfo Giometti <[email protected]> > Cc: "Eurotech S.p.A" <[email protected]> > Reported-by: Geert Uytterhoeven <[email protected]> > Signed-off-by: Lee Jones <[email protected]>
Acked-by: Arnd Bergmann <[email protected]>
