Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

net: ncsi: Fix buffer overflow in fetching version id

In NC-SI spec v1.2 section 8.4.44.2, the firmware name doesn't
need to be null terminated while its size occupies the full size
of the field. Fix the buffer overflow issue by adding one
additional byte for null terminator.

Signed-off-by: Hari Kalavakunta <kalavakunta.hari.prasad@gmail.com>
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Link: https://patch.msgid.link/20250610193338.1368-1-kalavakunta.hari.prasad@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Authored by Hari Kalavakunta and committed by Jakub Kicinski
8e16170a 221dfdb2

+2 -1
+1 -1
net/ncsi/internal.h
··· 110 110 u8 update; /* NCSI version update */ 111 111 char alpha1; /* NCSI version alpha1 */ 112 112 char alpha2; /* NCSI version alpha2 */ 113 - u8 fw_name[12]; /* Firmware name string */ 113 + u8 fw_name[12 + 1]; /* Firmware name string */ 114 114 u32 fw_version; /* Firmware version */ 115 115 u16 pci_ids[4]; /* PCI identification */ 116 116 u32 mf_id; /* Manufacture ID */
+1
net/ncsi/ncsi-rsp.c
··· 775 775 ncv->alpha1 = rsp->alpha1; 776 776 ncv->alpha2 = rsp->alpha2; 777 777 memcpy(ncv->fw_name, rsp->fw_name, 12); 778 + ncv->fw_name[12] = '\0'; 778 779 ncv->fw_version = ntohl(rsp->fw_version); 779 780 for (i = 0; i < ARRAY_SIZE(ncv->pci_ids); i++) 780 781 ncv->pci_ids[i] = ntohs(rsp->pci_ids[i]);
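
Review bot: In net/ncsi/internal.h the new declaration on line 113, `u8 fw_name[12 + 1];`, repeats the bare literal 12 that net/ncsi/ncsi-rsp.c also uses as the memcpy length and as the terminator index. A single named constant for the wire field length, used in the declaration and in both lines of the copy, would keep the three places from drifting apart. The field comment still reads "Firmware name string"; it should say that the extra byte holds the NUL terminator, because the field in the response is not required to be terminated.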
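
Review bot: In net/ncsi/ncsi-rsp.c, lines 777 and 778 tie the copy length and the terminator index to the literal 12 rather than to the destination's size, so a later change to the array in internal.h would silently leave the terminator inside or outside the buffer. Deriving both from the destination, for example `memcpy(ncv->fw_name, rsp->fw_name, sizeof(ncv->fw_name) - 1);` followed by `ncv->fw_name[sizeof(ncv->fw_name) - 1] = '\0';`, removes that dependency. Separately, the 12-byte memcpy on line 777 fit the old 12-byte array, so the overflow named in the subject is not in the lines shown here and must occur where fw_name is later read as a NUL-terminated string; the commit message should name that reader so the fix can be verified and backported with confidence.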