Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp333683rwb; Sat, 14 Jan 2023 00:56:19 -0800 (PST) X-Google-Smtp-Source: AMrXdXuGNQYu72u1FdxwrBRLs5dMsmW/2ryC+HDIYKKIDFybcEWf2oDLd9BK3vW1yZqgNuKRl6Vi X-Received: by 2002:a17:90a:4ca2:b0:21d:5e73:d562 with SMTP id k31-20020a17090a4ca200b0021d5e73d562mr86060827pjh.27.1673686579064; Sat, 14 Jan 2023 00:56:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673686579; cv=none; d=google.com; s=arc-20160816; b=P/cdLtWbThvw4gAiTL4MLSrn4WQtfNL16VsJ3XTcc5CRYuU+UoLzTJMIFm47VN03ku MGRVzLHUBnzuiMnO32l2JF4cXhZYctq7dRl2bNH3gTsHBkACwcHjdg2kBtEcDegdOIaw iXfb3H+gb/XqRuUMNAxMbyhxcQAZOXAUwDXFl/RZpAEOME0qHAJF2+jjdVTV9Zrfy7kx 60nNyzgHD9hvZ2ntxY+jTPjPApu3O2Z0hCl8QQ8ScS+b8IRzCHyU4Ah20jrBTZJxTxXC ZGCJET1B8XV44qeAo4znk1t1DRg9c7NkttiVcoYJi6whSeqNAHq9jnbvggzGjRR4AVWo C0mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:ui-outboundreport:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=2ZFkRSn12lIixu5iH+qX++JmEp/UZFdDNNLMpO+3PiI=; b=RdLsZJP3u/6Xeu4FCkJ2EvDuLJsxo9seI3werLJvaajLoxERMXLzwGAxH1MJQfinWV NC0jYmol30jyeBNLO3drHAtMykdpUDQMdC32XeVzO8CEeZDqVM17/BvITthxgNUM0GAU i0GJ0TDEQZpy8iwx1GfKfiN9LGsG0GJ/jUOmEmavFkaqBYefgiSeix/kkAkvjZk9+aLR Nr6RMauMHI+jxvNa09cF9by9klk7VQZY1uA0nMxOFl1ZE+Nulg6GidYZc05dQ5j0y5I+ 7u0wtjitOiR+iI4Ipw+evrah5zAdIEU5dQA+2TdPQNgDYzOdxbrThd0HwgKIJ64rBNaQ 2dRg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmx.de header.s=s31663417 header.b=fNruRlh0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmx.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u35-20020a634723000000b0048219b9d027si22949800pga.269.2023.01.14.00.56.12; Sat, 14 Jan 2023 00:56:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmx.de header.s=s31663417 header.b=fNruRlh0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmx.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229822AbjANIvM (ORCPT + 53 others); Sat, 14 Jan 2023 03:51:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229802AbjANIvF (ORCPT ); Sat, 14 Jan 2023 03:51:05 -0500 Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EE3D459F1; Sat, 14 Jan 2023 00:51:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1673686255; bh=zgmY30I4tEWM4rEEvgKQBcv1RAfd1GYCmFE+On31E6M=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date; b=fNruRlh0nAz40khDRlr1J9FzlT0nIUx9WXF8aWP53rzMxpqOniI2iTQUieZgRtj10 XOJyml6gJalpmBn+fYxF+AgEJq63sQ15Ldg2YTB6a6958QcylS3WJ7zzbHDcVh7hCQ z5AteDfw0OiIGTCGHxHpVejKlCdLw5xyIVregyhkjBILnSSx7eefs8XjOY35/Pruj6 wL52mSBIGq4GnTTQdKnP2z9pnajs8S9aiafXnJrGrX3NnCrBVcKOkiRwV3inGMmisQ SlTdRP2rOtV/p3d1gHGppJMNwDSj2+bHBxJvOluKO7GtQ/6EHVNo8hmm8mkkhdIg+N P+R3HDWzsFeLQ== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from esprimo-mx.users.agdsn.de ([141.30.226.129]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1M1poA-1pIo6h1X6O-002FBB; Sat, 14 Jan 2023 09:50:55 +0100 From: Armin Wolf To: rafael@kernel.org, lenb@kernel.org Cc: linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 0/4] ACPI: battery: Fix various string handling issues Date: Sat, 14 Jan 2023 09:50:49 +0100 Message-Id: <20230114085053.72059-1-W_Armin@gmx.de> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:F9UQ7ho31TcO6Q3T/EScZoWOjgttuOgOrPin1YUcy5bQEL/XuZr rWJEq1Z43x04RbUhUn/xpNAeloYyOyhU+lH1R7CXyiSWY+/7y0XfAuEkEO9VFwctP2Vf6Pz XogiuuS6ciAdGU3hsYtkmrA0oxJUreNVfrZI223MpUhC1tg3THQLSOl1Tx2e2NjWvvPkpcj PYGCufy6tJn6I+aOo5RjQ== UI-OutboundReport: notjunk:1;M01:P0:amZsE0b69sw=;gDg8sThy349vKQlrCIIxsk5AP6V mosjPcZUUtJSueFkdGv/tQTqKtXjSAiUFUJDhNkQ3FWbAo4HVL9kGVyCEcj2H5eO/ScfJ9gVR QrMNfuV03gHjuUjJ3yJvg3uAPt5OyPIuEN40lBn2Qz0XzzgWVyd4dplBMT/4bsbz3YffU51Ul iAOkL/7XFcSvG63voKR+dB34fDLHwMKSS5vHiPDTFqx6d+gDAoILJMFuQGeG1RqFeui8uFm/U Xbd0h46yPiwfxsHSR7AqV/4NvLjQtXunkC+dsjz6PZT8G80I3561BPWSb3IrhcCxyRjFPN1rv uBNxzV+wS3onXis0pB20C/XeVufull872c+RAPh0RJ+JuDaMZCdzZBnEpMPRYH48qFM6HuJkH c+kyTreV/OHhH5l4sxWdKXHCxq6BDc92FkZciw/7gZRMsxZHQgpHuAGc55wBpqmn3bpc4SmH7 W3/ro8hdkPGvcy7/wdW17axZdOz1442V92SBxV/q1uxKjilPhwRMd25b68mDxZxuWVIKY2Rt4 z5ZZxqo0WKpkjIGw/APT3ueMKmpWIY07Jxq7mU/9NtKaafDppblmHtN2qqk8KQgsEMGHGVEAw Y/5osflTaYIO7pjnXuSoJGLDi2Lp0UF0OqPrbb1si58MQbUsJj53yeFwZAnX0Se+g4fUURK+7 LRD0Dp5ViW2SezSQJrl0PcGDMqJSj95MN2LjOx6iiRnT4j6bTXOpSZD8CPz4wZfUjBRLvd7bD 3M1jfhRz+scJOJ8h7vS4C/4jHvLdzP2ORN05m5UUd5dla+dWP8xi7JSH43g8aAz0t6Mm413dU wI7xtrtch6pvKBfNWdNWgeaEnB3f88Xv5l4wWvh2k1lubPydLfVJGxYmRkeh9s8I1mOOuXlrU l3JQy3MZxl7qHjcL6lBF7DhDOZmaH7BTiXeyMavb7uHCbp4ZDddO7YMJqYI7QAOnPPDzUV3da 8cUoMNyQoW/YoGOqYJCEhBejFVc= X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On my Dell Inspiron 3505, the battery model name was displayed differently than when running Windows. While i first suspected an ACPI issue, it turned out that the real reason was the ACPI battery driver failing to handle strings larger than 32 bytes. This caused the model name of the battery (35 bytes long, hex string) to miss proper NUL-termination, causing a buffer overread later. Luckely, a valid string was stored right after the now invalid string, appending only the battery serial number to the original model name. The first patch deals with this issues, while the second patch fixes another problem which could happen when handling buffers. The third patch adds a minor improvement to the string handling code and the fourth patch finally increases the maximum string length to avoid truncating such larger strings. The patch series was tested on a Dell Inspiron 3505 and appears to work properly. Armin Wolf (4): ACPI: battery: Fix missing NUL-termination with large strings ACPI: battery: Fix buffer overread if not NUL-terminated ACPI: battery: Replace strncpy() with strscpy() ACPI: battery: Increase maximum string length drivers/acpi/battery.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) =2D- 2.30.2