platform/x86: think-lmi: Return EINVAL when kbdlang gets set to a 0 length string

Commit 0ddcf3a6b4 ("platform/x86: think-lmi: Avoid potential read before
start of the buffer") moved the length == 0 up to before stripping the '\n'
which typically gets added when users echo a value to a sysfs-attribute
from the shell.

This avoids a potential buffer-underrun, but it also causes a behavioral
change, prior to this change "echo > kbdlang", iow writing just a single
'\n' would result in an EINVAL error, but after the change this gets
accepted setting kbdlang to an empty string.

Fix this by replacing the manual '\n' check with using strchrnul() to get
the length till '\n' or terminating 0 in one go; and then do the
length != 0 check after this.

Fixes: 0ddcf3a6b4 ("platform/x86: think-lmi: Avoid potential read before start of the buffer")
Reported-by: Juha Leppänen <juha_efku@dnainternet.net>
Suggested-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210621193648.44138-1-hdegoede@redhat.com
This commit is contained in:
Hans de Goede 2021-06-21 21:36:48 +02:00
parent 72fbcac2f4
commit 71d69e82f4
1 changed files with 3 additions and 8 deletions

View File

@ -442,14 +442,9 @@ static ssize_t kbdlang_store(struct kobject *kobj,
struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
int length;
length = strlen(buf);
if (!length)
return -EINVAL;
if (buf[length-1] == '\n')
length--;
if (length >= TLMI_LANG_MAXLEN)
/* Calculate length till '\n' or terminating 0 */
length = strchrnul(buf, '\n') - buf;
if (!length || length >= TLMI_LANG_MAXLEN)
return -EINVAL;
memcpy(setting->kbdlang, buf, length);