Drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id

There's a bug which passes the output buffer size as MAX_IP_ADDR_SIZE,
when converting the adapter_id field to UTF16. This is much larger than
the actual size (MAX_ADAPTER_ID_SIZE). Fix this by passing the proper
size.

Fortunately, the translation is limited by the length of the input. This
explains why we haven't seen output buffer overflow conditions.

Signed-off-by: Alex Ng <alexng@messages.microsoft.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c
index 9a90b91..5eed1e7 100644 (file)
--- a/drivers/hv/hv_kvp.c
+++ b/drivers/hv/hv_kvp.c
@@ -304,7 +304,7 @@ static int process_ob_ipinfo(void *in_msg, void *out_msg, int op)
                                strlen((char *)in->body.kvp_ip_val.adapter_id),
                                UTF16_HOST_ENDIAN,
                                (wchar_t *)out->kvp_ip_val.adapter_id,
-                               MAX_IP_ADDR_SIZE);
+                               MAX_ADAPTER_ID_SIZE);
                if (len < 0)
                        return len;