b8e51a6a9d
The problem is that we were putting the NUL terminator too far: buf[sizeof(buf) - 1] = '\0'; If the user input isn't NUL terminated and they haven't initialized the whole buffer then it leads to an info leak. The NUL terminator should be: buf[len - 1] = '\0'; Signed-off-by: Yihui Zeng <yzeng56@asu.edu> Cc: stable@vger.kernel.org Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> [heiko.carstens@de.ibm.com: keep semantics of how *lenp and *ppos are handled] Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> |
||
---|---|---|
.. | ||
Makefile | ||
cmm.c | ||
dump_pagetables.c | ||
extmem.c | ||
fault.c | ||
gmap.c | ||
hugetlbpage.c | ||
init.c | ||
kasan_init.c | ||
maccess.c | ||
mmap.c | ||
page-states.c | ||
pageattr.c | ||
pgalloc.c | ||
pgtable.c | ||
vmem.c |