Hi Shimoda-san, On Wed, Jul 31, 2019 at 11:04 AM Yoshihiro Shimoda <[email protected]> wrote: > Since the role_store() uses strncmp(), it's possible to refer > out-of-memory if the sysfs data size is smaller than strlen("host"). > This patch fixes it by using sysfs_streq() instead of strncmp(). > > Reported-by: Pavel Machek <[email protected]> > Fixes: 9bb86777fb71 ("phy: rcar-gen3-usb2: add sysfs for usb role swap") > Cc: <[email protected]> # v4.10+ > Signed-off-by: Yoshihiro Shimoda <[email protected]>
Reviewed-by: Geert Uytterhoeven <[email protected]> > --- > Just a record. The role_store() doesn't need to check the count because > the sysfs_streq() checks the first argument is NULL or not. Is that wat you mean? sysfs_streq() doesn't seem to check for NULL pointers. Isn't the real reason that sysfs (kernfs) guarantees that the passed buffer is NUL-terminated? Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected] In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
