From: Jakub Kicinski <kuba@kernel.org>
Date: Fri, 26 Apr 2024 02:23:51 +0000 (-0700)
Subject: Merge branch 'ensure-the-copied-buf-is-nul-terminated'
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c;p=linux.git

Merge branch 'ensure-the-copied-buf-is-nul-terminated'

Bui Quang Minh says:

====================
Ensure the copied buf is NUL terminated (part)

I found that some drivers contains an out-of-bound read pattern like this

	kern_buf = memdup_user(user_buf, count);
	...
	sscanf(kern_buf, ...);

The sscanf can be replaced by some other string-related functions. This
pattern can lead to out-of-bound read of kern_buf in string-related
functions.

This series fix the above issue by replacing memdup_user with
memdup_user_nul.

v1: https://lore.kernel.org/r/20240422-fix-oob-read-v1-0-e02854c30174@gmail.com
====================

Link: https://lore.kernel.org/r/20240424-fix-oob-read-v2-0-f1f1b53a10f4@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

a5b1051ad5a7028a4a5a2f569f8caf3a56c7163c