android_kernel_samsung_a7y1.../arch/s390/mm
Yihui ZENG 7747a0a8db s390/cmm: fix information leak in cmm_timeout_handler()
commit b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f upstream.

The problem is that we were putting the NUL terminator too far:

	buf[sizeof(buf) - 1] = '\0';

If the user input isn't NUL terminated and they haven't initialized the
whole buffer then it leads to an info leak.  The NUL terminator should
be:

	buf[len - 1] = '\0';

Signed-off-by: Yihui Zeng <yzeng56@asu.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[heiko.carstens@de.ibm.com: keep semantics of how *lenp and *ppos are handled]
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-07 09:28:26 +02:00
..
cmm.c s390/cmm: fix information leak in cmm_timeout_handler() 2020-04-07 09:28:26 +02:00
dump_pagetables.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
extable.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
extmem.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
fault.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
gup.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hugetlbpage.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
init.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
maccess.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Makefile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mem_detect.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mmap.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
page-states.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pageattr.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pgtable.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vmem.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30