aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGavin Schenk <g.schenk@eckelmann.de>2018-02-14 15:25:02 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-03-15 18:07:46 +0100
commitf87deada80fe483e2286e29cd866dc66ddc2b6bc (patch)
treebcc1c18916e587af9591a24bea3663d589ac5bd8
parentchar: nvram: disable on ARM (diff)
downloadlinux-dev-f87deada80fe483e2286e29cd866dc66ddc2b6bc.tar.xz
linux-dev-f87deada80fe483e2286e29cd866dc66ddc2b6bc.zip
siox: fix possible buffer overflow in device_add_store
Width 20 given in format string is larger than destination buffer 'type[20]', use %19s to prevent overflowing it. Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX") Cc: stable <stable@vger.kernel.org> Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: Gavin Schenk <g.schenk@eckelmann.de> Reviewed-by: Uwe Kleine-K├Ânig <u.kleine-koenig@pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/siox/siox-core.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/siox/siox-core.c b/drivers/siox/siox-core.c
index fdfcdea25867..16590dfaafa4 100644
--- a/drivers/siox/siox-core.c
+++ b/drivers/siox/siox-core.c
@@ -594,7 +594,7 @@ static ssize_t device_add_store(struct device *dev,
size_t inbytes = 0, outbytes = 0;
u8 statustype = 0;
- ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes,
+ ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes,
&outbytes, &statustype);
if (ret != 3 && ret != 4)
return -EINVAL;