Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3031758imu; Mon, 19 Nov 2018 09:36:25 -0800 (PST) X-Google-Smtp-Source: AJdET5dNXXMKo03WlFWSaq2JcfeWZv1w95hIJz2tweNgHfGRRjaTDw3SxF9Jhh5sj+azII0uoR+n X-Received: by 2002:a17:902:3341:: with SMTP id a59-v6mr22961236plc.220.1542648985072; Mon, 19 Nov 2018 09:36:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542648985; cv=none; d=google.com; s=arc-20160816; b=fZGZwmQ0DT8Og3kaIbPwCGZMiuFT97DSAlT5Is/7FJem4VOPNdnNh/7yyYoLbdpTij 2HvsqzzQ+kbT/cEmnITxw9lNLbi+rDs6vNoAGNISVV2fDjybfRRIp63FSI/eokrJ8Jsx 9cA6UHgw20pU1nweRtpZSWohoyDiTX9ix6aKy2hEgLxz/D6TV0xD+BGFhRjlNPjdv0Rn H0LjcKe4go+k1PmHP2pI6UegvwI5WjF3Gq/sINYPajjl5a5xOK0ZDoeYa7S/u1xyqfdf GZSijX/s/yYjm+U6aL6NXWIysTFG5RfUnWDeZ9IQmtNIwxyVeSWHRnnN4K0fkmhJkg4+ 5rWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/GL4Zt8YKtFYjLxlZ+IY4bgBnunrzUxWAc2Etf0QP6M=; b=mdXpUwn9TvHH55pzjWCI3DI98cz945olwLE5hS9TVZa6fIIi/jevMGNGjwX9goFpxd Y3MDpuZxhCUMxjcNoUYKrKvQLKPdGzXGelvZy7lGRVcgcs0iVss5E7Sik1W04P6RAMjP iRk+ayr9O6x0N9oZoM5Gzr5qoBLXtrIiXu8NdTptNclj6arJuTX3EO93vRXX3UQugL/T 9kzTsARsawEMSs7GWFmAASGVSHJRRDLI9jLyRE2oIj12vrlKQEplnR4SToPoUKqyLK7b E9JRMXR10J+ZpqBmU8MCFo19m0nHAE+vpKKfR0YJCFR0ScDEKMBL298wfzD+3LFtkLP0 c5fw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=l4M8cYBY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a11si754293pla.20.2018.11.19.09.36.09; Mon, 19 Nov 2018 09:36:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=l4M8cYBY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2403910AbeKTDRd (ORCPT + 99 others); Mon, 19 Nov 2018 22:17:33 -0500 Received: from mail.kernel.org ([198.145.29.99]:55938 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390358AbeKTDRb (ORCPT ); Mon, 19 Nov 2018 22:17:31 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A495020851; Mon, 19 Nov 2018 16:53:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542646397; bh=BihI3QQbUpR6ckdJdWYOkqkRHyPPoonHSxpfqwU09CA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=l4M8cYBYP6ufLJeK///M29ofhIMf1F4Z2waaYSCCmwjMjGd6vpoSqSnUS1NNw7xwW xVzPMMEkHmAKTxJptxRvSCstZZmM65rcEbY6QP7ixlM0GO4eNtGktI9OJ57L4QG9rH g3HlUFD3+sSkHrQcZ8FF6qvXCCdA49MAUlPf+Tn0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Micay , Kees Cook , "David S. Miller" , Sasha Levin Subject: [PATCH 4.9 25/83] bna: ethtool: Avoid reading past end of buffer Date: Mon, 19 Nov 2018 17:28:51 +0100 Message-Id: <20181119162617.475044837@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181119162612.046511542@linuxfoundation.org> References: <20181119162612.046511542@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit 4dc69c1c1fff2f587f8e737e70b4a4e7565a5c94 ] Using memcpy() from a string that is shorter than the length copied means the destination buffer is being filled with arbitrary data from the kernel rodata segment. Instead, use strncpy() which will fill the trailing bytes with zeros. This was found with the future CONFIG_FORTIFY_SOURCE feature. Cc: Daniel Micay Signed-off-by: Kees Cook Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/ethernet/brocade/bna/bnad_ethtool.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/brocade/bna/bnad_ethtool.c b/drivers/net/ethernet/brocade/bna/bnad_ethtool.c index 31f61a744d66..9473d12ce239 100644 --- a/drivers/net/ethernet/brocade/bna/bnad_ethtool.c +++ b/drivers/net/ethernet/brocade/bna/bnad_ethtool.c @@ -541,8 +541,8 @@ bnad_get_strings(struct net_device *netdev, u32 stringset, u8 *string) for (i = 0; i < BNAD_ETHTOOL_STATS_NUM; i++) { BUG_ON(!(strlen(bnad_net_stats_strings[i]) < ETH_GSTRING_LEN)); - memcpy(string, bnad_net_stats_strings[i], - ETH_GSTRING_LEN); + strncpy(string, bnad_net_stats_strings[i], + ETH_GSTRING_LEN); string += ETH_GSTRING_LEN; } bmap = bna_tx_rid_mask(&bnad->bna); -- 2.17.1