net: irda: using kzalloc() instead of kmalloc() to avoid strncpy() issue.

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

'discovery->data.info' length is 22, NICKNAME_MAX_LEN is 21, so the
strncpy() will always left the last byte of 'discovery->data.info'
uninitialized.

When 'text' length is longer than 21 (NICKNAME_MAX_LEN), if still left
the last byte of 'discovery->data.info' uninitialized, the next
strlen() will cause issue.

Also 'discovery->data' is 'struct irda_device_info' which defined in
"include/uapi/...", it may copy to user mode, so need whole initialized.

All together, need use kzalloc() instead of kmalloc() to initialize all
members firstly.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Chen Gang and committed by

David S. Miller 13 years ago ff0102ee 6b21e1b7

+1 -1

1 changed file

expand all

net

irda

irlap_frame.c

+1 -1

net/irda/irlap_frame.c

··· 544 544 /* 545 545 * We now have some discovery info to deliver! 546 546 */ 547 - discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC); 547 + discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC); 548 548 if (!discovery) { 549 549 IRDA_WARNING("%s: unable to malloc!\n", __func__); 550 550 return;