Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753615AbdHXQZQ (ORCPT ); Thu, 24 Aug 2017 12:25:16 -0400 Received: from mail.kernel.org ([198.145.29.99]:45794 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753275AbdHXQZN (ORCPT ); Thu, 24 Aug 2017 12:25:13 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DDDD921A1D Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=robh+dt@kernel.org MIME-Version: 1.0 In-Reply-To: <20170824010404.9145-1-bjorn.andersson@linaro.org> References: <20170824010404.9145-1-bjorn.andersson@linaro.org> From: Rob Herring Date: Thu, 24 Aug 2017 11:24:51 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] of/device: Prevent buffer overflow in of_device_modalias() To: Bjorn Andersson Cc: Frank Rowand , "devicetree@vger.kernel.org" , "linux-kernel@vger.kernel.org" , stable Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 536 Lines: 14 On Wed, Aug 23, 2017 at 8:04 PM, Bjorn Andersson wrote: > As of_device_get_modalias() returns the number of bytes that would have > been written to the target string, regardless of how much did fit in the > buffer, it's possible that the returned index points beyond the buffer > passed to of_device_modalias() - causing memory beyond the buffer to be > null terminated. I guess ibmebus and macio had this bug for some time because I just copied those implementations. Applying both patches. Thanks. Rob