Commit 9d46c552 authored by Len Baker's avatar Len Baker Committed by Yang Yingliang
Browse files

CIFS: Fix a potencially linear read overflow 



stable inclusion
from linux-4.19.207
commit bea655491daf39f1934a71bf576bf3499092d3a4

--------------------------------

[ Upstream commit f980d055 ]

strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated.

Also, the strnlen() call does not avoid the read overflow in the strlcpy
function when a not NUL-terminated string is passed.

So, replace this block by a call to kstrndup() that avoids this type of
overflow and does the same.

Fixes: 066ce689 ("cifs: rename cifs_strlcpy_to_host and make it use new functions")
Signed-off-by: default avatarLen Baker <len.baker@gmx.com>
Reviewed-by: default avatarPaulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent 17e4b893
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment