misc: c2port: core: Make copying name from userspace more secure

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Currently the 'c2dev' device data is not initialised when it's
allocated. There maybe an issue when using strncpy() to populate the
'name' attribute since a NUL terminator may not be provided in all
use-cases. To prevent such a failing, let's ensure the 'c2dev'
device data area is fully zeroed out on allocation.

Cc: Rodolfo Giometti <giometti@enneenne.com>
Cc: "Eurotech S.p.A" <info@eurotech.it>
Cc: David Laight <David.Laight@aculab.com>
Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20201102142001.560490-1-lee.jones@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Lee Jones and committed by

Greg Kroah-Hartman 5 years ago e8f50d4b c78c95f9

+1 -1

1 changed file

expand all

drivers

misc

c2port

core.c

+1 -1

drivers/misc/c2port/core.c

··· 899 899 unlikely(!ops->c2d_get) || unlikely(!ops->c2d_set)) 900 900 return ERR_PTR(-EINVAL); 901 901 902 - c2dev = kmalloc(sizeof(struct c2port_device), GFP_KERNEL); 902 + c2dev = kzalloc(sizeof(struct c2port_device), GFP_KERNEL); 903 903 if (unlikely(!c2dev)) 904 904 return ERR_PTR(-ENOMEM); 905 905