tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

platform/x86: hp-bioscfg: prevent a small buffer overflow

This function escapes certain special characters like \n. So if the
last character in the string is a '\n' then it gets changed into two
characters '\' and '\n'. But maybe we only have space for the '\' so
we need to check for that.

The "conv_dst_size" variable is always less than or to equal the "size"
variable. It's easier to just check "conv_dst_size" instead of checking
both.

Fixes: a34fc329b189 ("platform/x86: hp-bioscfg: bioscfg")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/b4950310-e65f-412f-8d2b-90bb074a6572@moroto.mountain
Reviewed-by: Jorge Lopez <jorge.lopez2@hp.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>

authored by

Dan Carpenter and committed by
Hans de Goede b3a8692d 93d99fd8

+5 -2
+5 -2
drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
··· 94 94 utf16s_to_utf8s(src, src_size, UTF16_HOST_ENDIAN, dst, conv_dst_size); 95 95 dst[conv_dst_size] = 0; 96 96 97 - for (i = 0; i < size && i < conv_dst_size; i++) { 97 + for (i = 0; i < conv_dst_size; i++) { 98 98 if (*src == '\\' || 99 99 *src == '\r' || 100 100 *src == '\n' || 101 - *src == '\t') 101 + *src == '\t') { 102 102 dst[i++] = '\\'; 103 + if (i == conv_dst_size) 104 + break; 105 + } 103 106 104 107 if (*src == '\r') 105 108 dst[i] = 'r';