[PATCH 1/1] crypto: user - fix leaking uninitialized memory to userspace
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Mon Jan 28 09:09:14 UTC 2019
On Fri, Jan 25, 2019 at 09:37:21AM -0600, Tyler Hicks wrote:
> On 2019-01-25 09:33:07, Thadeu Lima de Souza Cascardo wrote:
> > On Fri, Jan 25, 2019 at 09:26:53AM -0200, Thadeu Lima de Souza Cascardo wrote:
> > > On Fri, Jan 25, 2019 at 02:08:08AM +0000, Tyler Hicks wrote:
> > > > From: Eric Biggers <ebiggers at google.com>
> > > >
> > > > All bytes of the NETLINK_CRYPTO report structures must be initialized,
> > > > since they are copied to userspace. The change from strncpy() to
> > > > strlcpy() broke this. As a minimal fix, change it back.
> > >
> > > Why not using strscpy?
> > >
> > > Cascardo.
> >
> > That would be commit 37db69e0b4923bff331820ee6969681937d8b065
> > ("crypto: user - clean up report structure copying").
>
> Right, that patch is an improvement but the one that I proposed is the
> minimal fix that's most appropriate for backporting.
>
> Tyler
Not sure about not backporting this one, but I agree that's not bad applying
your proposed one, so I am going to ACK it.
Thanks.
Cascardo.
More information about the kernel-team
mailing list