projects / elmcan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7b1cd74)
ioctl(SIOCGIFNAME): Copy at most IFNAMSIZ bytes, but less if possible
authornorly <ny-git@enpas.org>
Tue, 19 Feb 2019 21:10:16 +0000 (22:10 +0100)
committernorly <ny-git@enpas.org>
Tue, 19 Feb 2019 21:11:48 +0000 (22:11 +0100)
Thus, we don't leak any trailing bytes that may be in the name buffer.

module/elmcan.c patch | blob | history

diff --git a/module/elmcan.c b/module/elmcan.c
index 10ca30874c662885ac8382949c97352b2af8d574..538134cf38f71666bfe310da68c8378429232889 100644 (file)
--- a/module/elmcan.c
+++ b/module/elmcan.c
@@ -1273,13 +1273,15 @@ static int elmcan_ldisc_ioctl(struct tty_struct *tty, struct file *file,
                        unsigned int cmd, unsigned long arg)
 {
        struct elmcan *elm = get_elm(tty);
+       unsigned int tmp;
 
        if (!elm)
                return -EINVAL;
 
        switch (cmd) {
        case SIOCGIFNAME:
-               if (copy_to_user((void __user *)arg, elm->dev->name, IFNAMSIZ)) {
+               tmp = strnlen(elm->dev->name, IFNAMSIZ - 1) + 1;
+               if (copy_to_user((void __user *)arg, elm->dev->name, tmp)) {
                        put_elm(elm);
                        return -EFAULT;
                }
Linux SocketCAN kernel driver for ELM327 based devices.