forked from luck/tmp_suning_uos_patched
b8e51a6a9d
The problem is that we were putting the NUL terminator too far: buf[sizeof(buf) - 1] = '\0'; If the user input isn't NUL terminated and they haven't initialized the whole buffer then it leads to an info leak. The NUL terminator should be: buf[len - 1] = '\0'; Signed-off-by: Yihui Zeng <yzeng56@asu.edu> Cc: stable@vger.kernel.org Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> [heiko.carstens@de.ibm.com: keep semantics of how *lenp and *ppos are handled] Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> |
||
|---|---|---|
| .. | ||
| cmm.c | ||
| dump_pagetables.c | ||
| extmem.c | ||
| fault.c | ||
| gmap.c | ||
| hugetlbpage.c | ||
| init.c | ||
| kasan_init.c | ||
| maccess.c | ||
| Makefile | ||
| mmap.c | ||
| page-states.c | ||
| pageattr.c | ||
| pgalloc.c | ||
| pgtable.c | ||
| vmem.c | ||