Commit f87deada authored by Gavin Schenk's avatar Gavin Schenk Committed by Greg Kroah-Hartman

siox: fix possible buffer overflow in device_add_store

Width 20 given in format string is larger than destination
buffer 'type[20]', use %19s to prevent overflowing it.

Fixes: bbecb07f ("siox: new driver framework for eckelmann SIOX")
Cc: stable <stable@vger.kernel.org>
Reported-by: default avatarDavid Binderman <dcb314@hotmail.com>
Signed-off-by: default avatarGavin Schenk <g.schenk@eckelmann.de>
Reviewed-by: default avatarUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3ba9faed
......@@ -594,7 +594,7 @@ static ssize_t device_add_store(struct device *dev,
size_t inbytes = 0, outbytes = 0;
u8 statustype = 0;
ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes,
ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes,
&outbytes, &statustype);
if (ret != 3 && ret != 4)
return -EINVAL;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment