Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 88a5b39b authored by Daniel Micay's avatar Daniel Micay Committed by Greg Kroah-Hartman
Browse files

staging/rts5208: Fix read overflow in memcpy 



Noticed by FORTIFY_SOURCE, this swaps memcpy() for strncpy() to zero-value
fill the end of the buffer instead of over-reading a string from .rodata.

Signed-off-by: default avatarDaniel Micay <danielmicay@gmail.com>
[kees: wrote commit log]
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Wayne Porter <wporter82@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 372bd1eb

drivers/staging/rts5208/rtsx_scsi.c

+1 −1
Original line number Diff line number Diff line
@@ -536,7 +536,7 @@ static int inquiry(struct scsi_cmnd *srb, struct rtsx_chip *chip) 


	if (sendbytes > 8) {

		memcpy(buf, inquiry_buf, 8);

		memcpy(buf + 8, inquiry_string,	sendbytes - 8);

		strncpy(buf + 8, inquiry_string, sendbytes - 8);

		if (pro_formatter_flag) {

			/* Additional Length */

			buf[4] = 0x33;