2019-05-29 01:54:56

by Gen Zhang

[permalink] [raw]
Subject: [PATCH] wcd9335: fix a incorrect use of kstrndup()

In wcd9335_codec_enable_dec(), 'widget_name' is allocated by kstrndup().
However, according to doc: "Note: Use kmemdup_nul() instead if the size
is known exactly." So we should use kmemdup_nul() here instead of
kstrndup().

Signed-off-by: Gen Zhang <[email protected]>
---
diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
index a04a7ce..85737fe 100644
--- a/sound/soc/codecs/wcd9335.c
+++ b/sound/soc/codecs/wcd9335.c
@@ -2734,7 +2734,7 @@ static int wcd9335_codec_enable_dec(struct snd_soc_dapm_widget *w,
char *dec;
u8 hpf_coff_freq;

- widget_name = kstrndup(w->name, 15, GFP_KERNEL);
+ widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
if (!widget_name)
return -ENOMEM;

---


2019-05-29 15:48:28

by Mark Brown

[permalink] [raw]
Subject: Applied "wcd9335: fix a incorrect use of kstrndup()" to the asoc tree

The patch

wcd9335: fix a incorrect use of kstrndup()

has been applied to the asoc tree at

https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-5.3

All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.

You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.

If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.

Please add any relevant lists and maintainers to the CCs when replying
to this mail.

Thanks,
Mark

From a54988113985ca22e414e132054f234fc8a92604 Mon Sep 17 00:00:00 2001
From: Gen Zhang <[email protected]>
Date: Wed, 29 May 2019 09:53:05 +0800
Subject: [PATCH] wcd9335: fix a incorrect use of kstrndup()

In wcd9335_codec_enable_dec(), 'widget_name' is allocated by kstrndup().
However, according to doc: "Note: Use kmemdup_nul() instead if the size
is known exactly." So we should use kmemdup_nul() here instead of
kstrndup().

Signed-off-by: Gen Zhang <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
---
sound/soc/codecs/wcd9335.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
index a04a7cedd99d..85737fe54474 100644
--- a/sound/soc/codecs/wcd9335.c
+++ b/sound/soc/codecs/wcd9335.c
@@ -2734,7 +2734,7 @@ static int wcd9335_codec_enable_dec(struct snd_soc_dapm_widget *w,
char *dec;
u8 hpf_coff_freq;

- widget_name = kstrndup(w->name, 15, GFP_KERNEL);
+ widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
if (!widget_name)
return -ENOMEM;

--
2.20.1

2019-06-05 04:59:24

by Jiri Slaby

[permalink] [raw]
Subject: Re: [PATCH] wcd9335: fix a incorrect use of kstrndup()

On 29. 05. 19, 3:53, Gen Zhang wrote:
> In wcd9335_codec_enable_dec(), 'widget_name' is allocated by kstrndup().
> However, according to doc: "Note: Use kmemdup_nul() instead if the size
> is known exactly."

Except the size is not known exactly. It is at most 15, not 15. Right?

> So we should use kmemdup_nul() here instead of
> kstrndup().
>
> Signed-off-by: Gen Zhang <[email protected]>
> ---
> diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
> index a04a7ce..85737fe 100644
> --- a/sound/soc/codecs/wcd9335.c
> +++ b/sound/soc/codecs/wcd9335.c
> @@ -2734,7 +2734,7 @@ static int wcd9335_codec_enable_dec(struct snd_soc_dapm_widget *w,
> char *dec;
> u8 hpf_coff_freq;
>
> - widget_name = kstrndup(w->name, 15, GFP_KERNEL);
> + widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
> if (!widget_name)
> return -ENOMEM;
>

thanks,
--
js
suse labs

2019-06-18 23:07:11

by Tyler Hicks

[permalink] [raw]
Subject: Re: [PATCH] wcd9335: fix a incorrect use of kstrndup()

On 2019-06-05 06:57:02, Jiri Slaby wrote:
> On 29. 05. 19, 3:53, Gen Zhang wrote:
> > In wcd9335_codec_enable_dec(), 'widget_name' is allocated by kstrndup().
> > However, according to doc: "Note: Use kmemdup_nul() instead if the size
> > is known exactly."
>
> Except the size is not known exactly. It is at most 15, not 15. Right?

That's my understanding, as well. This change looks incorrect/misguided
to me.

CVE-2019-12454 was assigned for this but I've requested that MITRE
reject it as there doesn't seem to be any security impact and possibly
no reason at all for this change.

Tyler

>
> > So we should use kmemdup_nul() here instead of
> > kstrndup().
> >
> > Signed-off-by: Gen Zhang <[email protected]>
> > ---
> > diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
> > index a04a7ce..85737fe 100644
> > --- a/sound/soc/codecs/wcd9335.c
> > +++ b/sound/soc/codecs/wcd9335.c
> > @@ -2734,7 +2734,7 @@ static int wcd9335_codec_enable_dec(struct snd_soc_dapm_widget *w,
> > char *dec;
> > u8 hpf_coff_freq;
> >
> > - widget_name = kstrndup(w->name, 15, GFP_KERNEL);
> > + widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
> > if (!widget_name)
> > return -ENOMEM;
> >
>
> thanks,
> --
> js
> suse labs