projects
/
platform
/
kernel
/
linux-amlogic.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
b0af63a
)
unifikey: fix kasan bug reported in name_store [1/1]
author
Jiamin Ma
<jiamin.ma@amlogic.com>
Fri, 19 Apr 2019 00:15:47 +0000
(08:15 +0800)
committer
Nick Xie
<nick@khadas.com>
Mon, 5 Aug 2019 06:31:34 +0000
(14:31 +0800)
PD#SWPL-7326
Problem:
slab-out-of-bounds in strlen called by name_store
Solution:
Make sure the string passed to strlen is always '\0'
ended
Verify:
Locally
Change-Id: Ifd78a100c0e34ff9afb527ebe7b044ceb5c3505e
Signed-off-by: Jiamin Ma <jiamin.ma@amlogic.com>
drivers/amlogic/unifykey/unifykey.c
patch
|
blob
|
history
diff --git
a/drivers/amlogic/unifykey/unifykey.c
b/drivers/amlogic/unifykey/unifykey.c
index
c1e3524
..
d2a9fad
100644
(file)
--- a/
drivers/amlogic/unifykey/unifykey.c
+++ b/
drivers/amlogic/unifykey/unifykey.c
@@
-1277,7
+1277,7
@@
static ssize_t name_store(struct class *cla,
}
key_cnt = unifykey_count_key(&(ukdev->uk_header));
- name = kzalloc(count, GFP_KERNEL);
+ name = kzalloc(count
+ 1
, GFP_KERNEL);
if (!name) {
pr_err("can't kzalloc mem,%s:%d\n",
__func__,