summaryrefslogtreecommitdiff
path: root/drivers/net/wireless/marvell/libertas/if_usb.c
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-05-16 00:26:40 +0300
committerKalle Valo <kvalo@codeaurora.org>2017-05-24 16:43:54 +0300
commit12e3c0433e8a3b817fbb978a1be973a04cd5d6f3 (patch)
tree6ddfbf4843743a8965eda6b22f203693378baaa5 /drivers/net/wireless/marvell/libertas/if_usb.c
parent438f3d13da5e0714f1add1652865b864a2c36eb7 (diff)
downloadlinux-12e3c0433e8a3b817fbb978a1be973a04cd5d6f3.tar.xz
libertas: Avoid reading past end of buffer
Using memcpy() from a string that is shorter than the length copied means the destination buffer is being filled with arbitrary data from the kernel rodata segment. Instead, redefine the stat strings to be ETH_GSTRING_LEN sizes, like other drivers. This lets us use a single memcpy that does not leak rodata contents. Additionally adjust indentation to keep checkpatch.pl happy. This was found with the future CONFIG_FORTIFY_SOURCE feature. Cc: Daniel Micay <danielmicay@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Diffstat (limited to 'drivers/net/wireless/marvell/libertas/if_usb.c')
0 files changed, 0 insertions, 0 deletions