Commit cab6ce9e authored by Dan Carpenter's avatar Dan Carpenter Committed by David S. Miller

caif: add a sanity check to the tty name

"tty->name" and "name" are a 64 character buffers.  My static checker
complains because we add the "cf" on the front so it look like we are
copying a 66 character string into a 64 character buffer.

Also if the name is larger than IFNAMSIZ (16) it triggers a BUG_ON()
inside the call to alloc_netdev().

This is all under CAP_SYS_ADMIN so it's not a security fix, it just adds
a little robustness.
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0b536be7
...@@ -347,7 +347,9 @@ static int ldisc_open(struct tty_struct *tty) ...@@ -347,7 +347,9 @@ static int ldisc_open(struct tty_struct *tty)
/* release devices to avoid name collision */ /* release devices to avoid name collision */
ser_release(NULL); ser_release(NULL);
sprintf(name, "cf%s", tty->name); result = snprintf(name, sizeof(name), "cf%s", tty->name);
if (result >= IFNAMSIZ)
return -EINVAL;
dev = alloc_netdev(sizeof(*ser), name, caifdev_setup); dev = alloc_netdev(sizeof(*ser), name, caifdev_setup);
if (!dev) if (!dev)
return -ENOMEM; return -ENOMEM;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment