lpfc: fix missing zero termination in debugfs
authorAlan <gnomes@lxorguk.ukuu.org.uk>
Mon, 15 Feb 2016 19:11:56 +0000 (19:11 +0000)
committerMartin K. Petersen <martin.petersen@oracle.com>
Wed, 24 Feb 2016 02:27:02 +0000 (21:27 -0500)
If you feed 32 bytes in then the kstrtoull() doesn't receive a terminated
string so will run off the end.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/lpfc/lpfc_debugfs.c

index 25aa9b98d53aa3452fb670b55f3efe810062e27a..a63542bac15333c24d5d4716900f6413447af696 100644 (file)
@@ -1054,11 +1054,11 @@ lpfc_debugfs_dif_err_write(struct file *file, const char __user *buf,
 {
        struct dentry *dent = file->f_path.dentry;
        struct lpfc_hba *phba = file->private_data;
-       char dstbuf[32];
+       char dstbuf[33];
        uint64_t tmp = 0;
        int size;
 
-       memset(dstbuf, 0, 32);
+       memset(dstbuf, 0, 33);
        size = (nbytes < 32) ? nbytes : 32;
        if (copy_from_user(dstbuf, buf, size))
                return 0;