platform/x86: think-lmi: Avoid potential read before start of the buffer

If length equals 0 then reading buf[length-1] will read before the start
of the buffer.

Avoid this by moving the length == 0 check up.

Cc: Mark Pearson <markpearson@lenovo.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210609151752.156902-2-hdegoede@redhat.com

diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c
index 4881de4e669d290486184b4edc68c57bea9766c4..7771c93594494592ae7bb487c1f54cccd32e0267 100644 (file)
--- a/drivers/platform/x86/think-lmi.c
+++ b/drivers/platform/x86/think-lmi.c
@@ -443,10 +443,13 @@ static ssize_t kbdlang_store(struct kobject *kobj,
        int length;
 
        length = strlen(buf);
+       if (!length)
+               return -EINVAL;
+
        if (buf[length-1] == '\n')
                length--;
 
-       if (!length || (length >= TLMI_LANG_MAXLEN))
+       if (length >= TLMI_LANG_MAXLEN)
                return -EINVAL;
 
        memcpy(setting->kbdlang, buf, length);