550c9e49eb429cdb0c1e70ba6a6cf5935612f0dd - SHIFTPHONES/kernel/common

commit	550c9e49eb429cdb0c1e70ba6a6cf5935612f0dd	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Wed Feb 24 11:45:59 2021 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Wed Mar 17 17:06:31 2021 +0100
tree	71b76a41351a6c214b3933702a5cf1f37981123a
parent	d972a516958dee489911d9f57ee7a177834ef248 [diff]

staging: rtl8712: unterminated string leads to read overflow

commit d660f4f42ccea50262c6ee90c8e7ad19a69fb225 upstream.

The memdup_user() function does not necessarily return a NUL terminated
string so this can lead to a read overflow.  Switch from memdup_user()
to strndup_user() to fix this bug.

Fixes: c6dc001f2add ("staging: r8712u: Merging Realtek's latest (v2.6.6). Various fixes.")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YDYSR+1rj26NRhvb@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/staging/rtl8712/rtl871x_ioctl_linux.c[diff]

1 file changed

tree: 71b76a41351a6c214b3933702a5cf1f37981123a