Kees Cook <[email protected]> wrote: > Using memcpy() from a string that is shorter than the length copied means > the destination buffer is being filled with arbitrary data from the kernel > rodata segment. Instead, redefine the stat strings to be ETH_GSTRING_LEN > sizes, like other drivers. This lets us use a single memcpy that does not > leak rodata contents. Additionally adjust indentation to keep checkpatch.pl > happy. > > This was found with the future CONFIG_FORTIFY_SOURCE feature. > > Cc: Daniel Micay <[email protected]> > Signed-off-by: Kees Cook <[email protected]>
Patch applied to wireless-drivers-next.git, thanks. 12e3c0433e8a libertas: Avoid reading past end of buffer -- https://patchwork.kernel.org/patch/9727997/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
