iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/misc
History
Daniel Axtens 3745488e9d altera-stapl: altera_get_note: prevent write beyond end of 'key' 
altera_get_note is called from altera_init, where key is kzalloc(33).

When the allocation functions are annotated to allow the compiler to see
the sizes of objects, and with FORTIFY_SOURCE, we see:

In file included from drivers/misc/altera-stapl/altera.c:14:0:
In function ‘strlcpy’,
    inlined from ‘altera_init’ at drivers/misc/altera-stapl/altera.c:2189:5:
include/linux/string.h:378:4: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object passed as 1st parameter
    __write_overflow();
    ^~~~~~~~~~~~~~~~~~

That refers to this code in altera_get_note:

    if (key != NULL)
            strlcpy(key, &p[note_strings +
                            get_unaligned_be32(
                            &p[note_table + (8 * i)])],
                    length);

The error triggers because the length of 'key' is 33, but the copy
uses length supplied as the 'length' parameter, which is always
256. Split the size parameter into key_len and val_len, and use the
appropriate length depending on what is being copied.

Detected by compiler error, only compile-tested.

Cc: "Igor M. Liplianin" <liplianin@netup.ru>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Link: https://lore.kernel.org/r/20200120074344.504-2-dja@axtens.net
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/202002251042.D898E67AC@keescook
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-03-03 08:02:57 +01:00
..
altera-stapl
altera-stapl: altera_get_note: prevent write beyond end of 'key'
2020-03-03 08:02:57 +01:00
c2port
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
cardreader
Char/Misc driver changes for 5.6-rc1
2020-01-29 10:35:54 -08:00
cb710
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
cxl
misc: cxl: use mmgrab
2020-01-16 14:59:36 +10:00
echo
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 176
2019-05-30 11:29:19 -07:00
eeprom
misc: eeprom: at24: support pm_runtime control
2020-01-23 12:52:57 +01:00
genwqe
misc: genwqe: fix compile warnings
2020-01-14 15:06:06 +01:00
habanalabs
habanalabs: patched cb equals user cb in device memset
2020-02-11 11:12:47 +02:00
ibmasm
Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-07-19 10:42:02 -07:00
lis3lv02d
lis3lv02d: switch to using input device polling mode
2019-10-10 15:24:19 +02:00
lkdtm
lkdtm/bugs: fix build error in lkdtm_UNSET_SMEP
2020-01-14 15:41:04 +01:00
mei
mei: me: add jasper point DID
2020-01-24 09:33:58 +01:00
mic
Char/Misc driver changes for 5.6-rc1
2020-01-29 10:35:54 -08:00
ocxl
ocxl: Add PCI hotplug dependency to Kconfig
2020-01-23 21:31:18 +11:00
sgi-gru
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
sgi-xp
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
ti-st
drivers/misc: ti-st: remove redundant assignment to variables i and flags
2020-01-14 15:16:51 +01:00
vmw_vmci
compat_ioctl: remove most of fs/compat_ioctl.c
2019-12-01 13:46:15 -08:00
ad525x_dpot-i2c.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 149
2019-05-30 11:25:18 -07:00
ad525x_dpot-spi.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 149
2019-05-30 11:25:18 -07:00
ad525x_dpot.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 149
2019-05-30 11:25:18 -07:00
ad525x_dpot.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 149
2019-05-30 11:25:18 -07:00
apds990x.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336
2019-06-05 17:37:07 +02:00
apds9802als.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167
2019-05-30 11:26:39 -07:00
atmel_tclib.c
misc: atmel_tclib: use devm_platform_ioremap_resource() to simplify code
2019-10-10 15:24:19 +02:00
atmel-ssc.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
bh1770glc.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336
2019-06-05 17:37:07 +02:00
cs5535-mfgpt.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206
2019-05-30 11:29:53 -07:00
ds1682.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
dummy-irq.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
enclosure.c
scsi: enclosure: Fix stale device oops with hot replug
2020-01-10 01:38:40 -05:00
fastrpc.c
drm-misc-next for v5.6:
2019-12-17 13:57:54 +01:00
hmc6352.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167
2019-05-30 11:26:39 -07:00
hpilo.c
misc: hpilo: Do not claim unsupported hardware
2019-02-27 16:00:21 +01:00
hpilo.h
misc: Use the correct style for SPDX License Identifier
2019-10-10 15:34:40 +02:00
ibmvmc.c
misc: ibmvsm: Fix potential NULL pointer dereference
2019-01-18 14:14:14 +01:00
ibmvmc.h
misc: Use the correct style for SPDX License Identifier
2019-10-10 15:34:40 +02:00
ics932s401.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
isl29003.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61
2019-05-24 17:36:45 +02:00
isl29020.c
misc: isl29020: add missed pm_runtime_disable
2020-01-14 15:06:07 +01:00
Kconfig
misc: Fix Kconfig indentation
2019-11-20 15:09:49 +01:00
kgdbts.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
lattice-ecp3-config.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
Makefile
Char/Misc driver patches for 5.4-rc1
2019-09-18 11:14:31 -07:00
pch_phub.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 167
2019-05-30 11:26:39 -07:00
pci_endpoint_test.c
PCI: Add PCI_STD_NUM_BARS for the number of standard BARs
2019-10-14 10:22:26 -05:00
phantom.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
pti.c
Char/Misc driver changes for 5.6-rc1
2020-01-29 10:35:54 -08:00
pvpanic.c
misc: pvpanic: add crash loaded event
2020-01-14 15:07:37 +01:00
qcom-coincell.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284
2019-06-05 17:36:37 +02:00
sram-exec.c
drivers/misc: sram-exec: have the callers of set_memory_*() check the return value
2020-01-14 15:06:06 +01:00
sram.c
misc: sram: use devm_platform_ioremap_resource_wc()
2019-11-05 18:32:47 +01:00
sram.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
tifm_7xx1.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
tifm_core.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
tsl2550.c
misc: tsl2550: remove redundant initialization to variable r
2020-01-14 15:16:51 +01:00
vexpress-syscfg.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
vmw_balloon.c
vmw_balloon: Explicitly include linux/io.h for virt_to_phys()
2019-12-10 10:15:48 +01:00
xilinx_sdfec.c
misc: xilinx_sdfec: fix xsdfec_poll()'s return type
2020-01-14 15:16:51 +01:00