* [PATCH] hid-core: Avoid uninitialized buffer access
@ 2015-09-18 23:31 Darren Hart
2015-09-23 12:09 ` Jiri Kosina
0 siblings, 1 reply; 2+ messages in thread
From: Darren Hart @ 2015-09-18 23:31 UTC (permalink / raw)
To: Linux Kernel Mailing List
Cc: Richard Purdie, Jiri Kosina, linux-input, stable, Darren Hart
From: Richard Purdie <richard.purdie@linuxfoundation.org>
hid_connect adds various strings to the buffer but they're all
conditional. You can find circumstances where nothing would be written
to it but the kernel will still print the supposedly empty buffer with
printk. This leads to corruption on the console/in the logs.
Ensure buf is initialized to an empty string.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[dvhart: Initialize string to "" rather than assign buf[0] = NULL;]
Cc: Jiri Kosina <jikos@kernel.org>
Cc: linux-input@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
---
drivers/hid/hid-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 70a11ac..c0fbf4e 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1611,7 +1611,7 @@ int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
"Multi-Axis Controller"
};
const char *type, *bus;
- char buf[64];
+ char buf[64] = "";
unsigned int i;
int len;
int ret;
--
2.1.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] hid-core: Avoid uninitialized buffer access
2015-09-18 23:31 [PATCH] hid-core: Avoid uninitialized buffer access Darren Hart
@ 2015-09-23 12:09 ` Jiri Kosina
0 siblings, 0 replies; 2+ messages in thread
From: Jiri Kosina @ 2015-09-23 12:09 UTC (permalink / raw)
To: Darren Hart
Cc: Linux Kernel Mailing List, Richard Purdie, linux-input, stable,
Darren Hart
On Fri, 18 Sep 2015, Darren Hart wrote:
> From: Richard Purdie <richard.purdie@linuxfoundation.org>
>
> hid_connect adds various strings to the buffer but they're all
> conditional. You can find circumstances where nothing would be written
> to it but the kernel will still print the supposedly empty buffer with
> printk. This leads to corruption on the console/in the logs.
>
> Ensure buf is initialized to an empty string.
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> [dvhart: Initialize string to "" rather than assign buf[0] = NULL;]
> Cc: Jiri Kosina <jikos@kernel.org>
> Cc: linux-input@vger.kernel.org
> Cc: stable@vger.kernel.org
> Signed-off-by: Darren Hart <dvhart@linux.intel.com>
> ---
> drivers/hid/hid-core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> index 70a11ac..c0fbf4e 100644
> --- a/drivers/hid/hid-core.c
> +++ b/drivers/hid/hid-core.c
> @@ -1611,7 +1611,7 @@ int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
> "Multi-Axis Controller"
> };
> const char *type, *bus;
> - char buf[64];
> + char buf[64] = "";
> unsigned int i;
> int len;
> int ret;
Applied to hid.git#for-4.3/upstream-fixes.
Thanks,
--
Jiri Kosina
SUSE Labs
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-09-23 12:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-09-18 23:31 [PATCH] hid-core: Avoid uninitialized buffer access Darren Hart
2015-09-23 12:09 ` Jiri Kosina
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).