[PATCH 1/1] crypto: user - fix leaking uninitialized memory to userspace
Tyler Hicks
tyhicks at canonical.com
Fri Jan 25 15:37:21 UTC 2019
On 2019-01-25 09:33:07, Thadeu Lima de Souza Cascardo wrote:
> On Fri, Jan 25, 2019 at 09:26:53AM -0200, Thadeu Lima de Souza Cascardo wrote:
> > On Fri, Jan 25, 2019 at 02:08:08AM +0000, Tyler Hicks wrote:
> > > From: Eric Biggers <ebiggers at google.com>
> > >
> > > All bytes of the NETLINK_CRYPTO report structures must be initialized,
> > > since they are copied to userspace. The change from strncpy() to
> > > strlcpy() broke this. As a minimal fix, change it back.
> >
> > Why not using strscpy?
> >
> > Cascardo.
>
> That would be commit 37db69e0b4923bff331820ee6969681937d8b065
> ("crypto: user - clean up report structure copying").
Right, that patch is an improvement but the one that I proposed is the
minimal fix that's most appropriate for backporting.
Tyler
More information about the kernel-team
mailing list