[stable] patch "staging: comedi: fix infoleak to userspace" added to staging tree

Tue, 05 Jul 2011 09:50:49 -0700 

This is a note to let you know that I've just added the patch titled

    staging: comedi: fix infoleak to userspace

to my staging git tree which can be found at
    git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6.git
in the staging-next branch.

The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)

The patch will also will be merged in the next major kernel release
during the merge window.

If you have any questions about this process, please let me know.


>From 819cbb120eaec7e014e5abd029260db1ca8c5735 Mon Sep 17 00:00:00 2001
From: Vasiliy Kulikov <seg...@openwall.com>
Date: Sun, 26 Jun 2011 12:56:22 +0400
Subject: staging: comedi: fix infoleak to userspace

driver_name and board_name are pointers to strings, not buffers of size
COMEDI_NAMELEN.  Copying COMEDI_NAMELEN bytes of a string containing
less than COMEDI_NAMELEN-1 bytes would leak some unrelated bytes.

Signed-off-by: Vasiliy Kulikov <seg...@openwall.com>
Cc: stable <sta...@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gre...@suse.de>
---
 drivers/staging/comedi/comedi_fops.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/comedi/comedi_fops.c 
b/drivers/staging/comedi/comedi_fops.c
index 15a209f..419976b 100644
--- a/drivers/staging/comedi/comedi_fops.c
+++ b/drivers/staging/comedi/comedi_fops.c
@@ -383,8 +383,8 @@ static int do_devinfo_ioctl(struct comedi_device *dev,
        /* fill devinfo structure */
        devinfo.version_code = COMEDI_VERSION_CODE;
        devinfo.n_subdevs = dev->n_subdevices;
-       memcpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
-       memcpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
+       strlcpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
+       strlcpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
 
        if (read_subdev)
                devinfo.read_subdevice = read_subdev - dev->subdevices;
-- 
1.7.6


_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable

Reply via email to