Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2987395imu; Mon, 19 Nov 2018 09:02:01 -0800 (PST) X-Google-Smtp-Source: AJdET5c03EnOgSjEuoD8CCxeNMBHM8cp2+3xkbahAa4ATtrQhvPWKEr79nA25J5u+XdEjUp561oR X-Received: by 2002:a62:2292:: with SMTP id p18mr21115631pfj.9.1542646921802; Mon, 19 Nov 2018 09:02:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542646921; cv=none; d=google.com; s=arc-20160816; b=S7kKpNi59l4++EboqUWbj9i3t3tj8LPFhFeM+FjETYkImbVZzwwPXPNeOW4H8kzPAx FCYIU+Y190z13fuxCHsgyI52jIxDAN8QUILJbJXuHt/GcbhhewZRdA9HTGWxM5bfE0ZL XfjaZ5GwwodfgKA55xot9Sy3eugshRl5duAzk/3/Ir6NzSYNyF5MjvTsZJpBI8x67n68 ABwcap5dp6nMqVubzRk82bZJX9jg8NQNQU+DX4QZk5btRKVYlXP/7LHkl82OLDkHG3lM Hlvaf/u8dF3Cfpp/c89Ws43SqKvjyUWdVRym9PuPlPzxJdRI01fbcYEQQXAwaU7js1XT Uq2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=PSEmlnF5tY3bHM3/eQT8LlYYbP0ww/+gNWMOsvNGUPU=; b=Gqf+caR+BR6UmTLJF6MLUsJGKD4F7A7Jfetg/xyckg+tWgnlte8h3GmkY3a9GPhNh7 MlvdmYRhSW7rTtXu2xMOZrCFyeK9aWXuL27FzFU2wXLlQmpz1T/ib3Xby8ydS4UE2DJl MnIjflmm9f/0JtdDwCJsv9UUsqEpJ8LJW5yVSUnzwt8vx0EyYx3kkaLTYXnpBmzmvPJm AXhdezrzC2ZFNMf8sVu1k7JGCrc+wc75TYnEemWIUFXOWAC291uK/4tZnjLVVzqzLv9h z3I9uHB9YjjtG5M0k3YZR/iF0FNYrWKjIn5qSUkIr64ulXuyAWWWGuElWfvitUDcZFuL 9iaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ssNEAf+Z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r14si6750839pfh.229.2018.11.19.09.01.44; Mon, 19 Nov 2018 09:02:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ssNEAf+Z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2405534AbeKTDZR (ORCPT + 99 others); Mon, 19 Nov 2018 22:25:17 -0500 Received: from mail.kernel.org ([198.145.29.99]:38392 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404694AbeKTDZQ (ORCPT ); Mon, 19 Nov 2018 22:25:16 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 32F8322353; Mon, 19 Nov 2018 17:01:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542646860; bh=D3+dVYUP8Ibsnwju7Wc0aU4n2KsyD3jj9DmMt4ZoNOE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ssNEAf+Zplptxhi1+e4OnDierJGvDFcEmX/h075czQcVMI9b70Ow2JwXc7uOnwPZn CO+qdBsRjohcPDhm07kfdjdSqu44/oLePHl4uA1DV/9Ov3/Cdwn0X75S3SXP81TIl+ skwUfOXqpG8u+/PZwTa0Pe7VRfWDnSW5YQ0ZLb/0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Micay , Kees Cook , "David S. Miller" , Sasha Levin Subject: [PATCH 4.4 119/160] bna: ethtool: Avoid reading past end of buffer Date: Mon, 19 Nov 2018 17:29:18 +0100 Message-Id: <20181119162642.205083808@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181119162630.031306128@linuxfoundation.org> References: <20181119162630.031306128@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit 4dc69c1c1fff2f587f8e737e70b4a4e7565a5c94 ] Using memcpy() from a string that is shorter than the length copied means the destination buffer is being filled with arbitrary data from the kernel rodata segment. Instead, use strncpy() which will fill the trailing bytes with zeros. This was found with the future CONFIG_FORTIFY_SOURCE feature. Cc: Daniel Micay Signed-off-by: Kees Cook Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/ethernet/brocade/bna/bnad_ethtool.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/brocade/bna/bnad_ethtool.c b/drivers/net/ethernet/brocade/bna/bnad_ethtool.c index 0e4fdc3dd729..18672ad773fb 100644 --- a/drivers/net/ethernet/brocade/bna/bnad_ethtool.c +++ b/drivers/net/ethernet/brocade/bna/bnad_ethtool.c @@ -556,8 +556,8 @@ bnad_get_strings(struct net_device *netdev, u32 stringset, u8 *string) for (i = 0; i < BNAD_ETHTOOL_STATS_NUM; i++) { BUG_ON(!(strlen(bnad_net_stats_strings[i]) < ETH_GSTRING_LEN)); - memcpy(string, bnad_net_stats_strings[i], - ETH_GSTRING_LEN); + strncpy(string, bnad_net_stats_strings[i], + ETH_GSTRING_LEN); string += ETH_GSTRING_LEN; } bmap = bna_tx_rid_mask(&bnad->bna); -- 2.17.1