]> asedeno.scripts.mit.edu Git - linux.git/commitdiff
projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3ba9fae)
siox: fix possible buffer overflow in device_add_store
authorGavin Schenk <g.schenk@eckelmann.de>
Wed, 14 Feb 2018 14:25:02 +0000 (15:25 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 15 Mar 2018 17:07:46 +0000 (18:07 +0100)
Width 20 given in format string is larger than destination
buffer 'type[20]', use %19s to prevent overflowing it.

Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX")
Cc: stable <stable@vger.kernel.org>
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Gavin Schenk <g.schenk@eckelmann.de>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/siox/siox-core.c patch | blob | history

diff --git a/drivers/siox/siox-core.c b/drivers/siox/siox-core.c
index fdfcdea258678950d0c0cf502f7964a9087bf6cb..16590dfaafa448d43f00cbced0dbb457782fff93 100644 (file)
--- a/drivers/siox/siox-core.c
+++ b/drivers/siox/siox-core.c
@@ -594,7 +594,7 @@ static ssize_t device_add_store(struct device *dev,
        size_t inbytes = 0, outbytes = 0;
        u8 statustype = 0;
 
-       ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes,
+       ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes,
                     &outbytes, &statustype);
        if (ret != 3 && ret != 4)
                return -EINVAL;
local clone of linux.git