Google Git
Sign in
gfiber / kernel / bruno / dc16b4393fc6226af463fd8c1d92411e5c349cf0
commitdc16b4393fc6226af463fd8c1d92411e5c349cf0[log] [tgz]
authorStefan Hajnoczi <stefanha@redhat.com>Thu Feb 18 18:55:54 2016 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Mar 03 15:07:29 2016 -0800
treeb365595a42c568220e62831d1d3b05ace119770a
parent36b53e8b2abf1f514e83e2c3207e36e71c8176de [diff]
sunrpc/cache: fix off-by-one in qword_get()

commit b7052cd7bcf3c1478796e93e3dff2b44c9e82943 upstream.

The qword_get() function NUL-terminates its output buffer.  If the input
string is in hex format \xXXXX... and the same length as the output
buffer, there is an off-by-one:

  int qword_get(char **bpp, char *dest, int bufsize)
  {
      ...
      while (len < bufsize) {
          ...
          *dest++ = (h << 4) | l;
          len++;
      }
      ...
      *dest = '\0';
      return len;
  }

This patch ensures the NUL terminator doesn't fall outside the output
buffer.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: b365595a42c568220e62831d1d3b05ace119770a
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS