Removes the risk of returning non-null terminated strings
to userspace in those cases the provided buffer is too small.
Signed-off-by: Magnus Vigerlöf <[email protected]>
---
diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
index 12c7ab8..667333c 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -377,11 +377,13 @@ static int str_to_user(const char *str,
if (!str)
return -ENOENT;
- len = strlen(str) + 1;
- if (len > maxlen)
- len = maxlen;
+ len = strlen(str);
+ if (len >= maxlen)
+ len = maxlen - 1;
- return copy_to_user(p, str, len) ? -EFAULT : len;
+ if (copy_to_user(p, str, len))
+ return -EFAULT;
+ return put_user('\0', (char __user *)p + len) ? -EFAULT : len + 1;
}
static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
