Re: [PATCH] netfilter: ebtables: handle string from userspace with care

2018-05-18 Thread Pablo Neira Ayuso
On Fri, Apr 27, 2018 at 10:45:31AM +0200, Paolo Abeni wrote:
> strlcpy() can't be safely used on a user-space provided string,
> as it can try to read beyond the buffer's end, if the latter is
> not NULL terminated.

Applied, thanks!

Re: [PATCH] netfilter: ebtables: handle string from userspace with care

2018-04-27 Thread Dmitry Vyukov
On Fri, Apr 27, 2018 at 11:26 AM, Florian Westphal wrote:
> Paolo Abeni wrote:
>> strlcpy() can't be safely used on a user-space provided string,
>> as it can try to read beyond the buffer's end, if the latter is
>> not NULL terminated.
>
> Yes.
>
>> Leveraging the above, syzbot has been able to

Re: [PATCH] netfilter: ebtables: handle string from userspace with care

2018-04-27 Thread Florian Westphal
Paolo Abeni wrote:
> strlcpy() can't be safely used on a user-space provided string,
> as it can try to read beyond the buffer's end, if the latter is
> not NULL terminated.

Yes.

> Leveraging the above, syzbot has been able to trigger the following
> splat:
>
> BUG: KASAN: stack-out-of-bounds i

[PATCH] netfilter: ebtables: handle string from userspace with care

2018-04-27 Thread Paolo Abeni
strlcpy() can't be safely used on a user-space provided string, as it can try to read beyond the buffer's end, if the latter is not NULL terminated.

Leveraging the above, syzbot has been able to trigger the following splat:

BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [in