On Mon, Mar 19, 2018 at 02:07:45PM +0300, Dan Carpenter wrote:
> If the server is malicious then *bytes_read could be larger than the
> size of the "target" buffer. It would lead to memory corruption when we
> do the memcpy().
> Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare
> Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
> diff --git a/drivers/staging/ncpfs/ncplib_kernel.c
> index 804adfebba2f..3e047eb4cc7c 100644
> --- a/drivers/staging/ncpfs/ncplib_kernel.c
> +++ b/drivers/staging/ncpfs/ncplib_kernel.c
Ugh, I have like 2 more months before I delete this code :)
Anyway, nice find, and fix, I'll go queue it up now, thanks.