On Fri, Apr 27, 2018 at 10:45:31AM +0200, Paolo Abeni wrote:
> strlcpy() can't be safely used on a user-space provided string,
> as it can try to read beyond the buffer's end, if the latter is
> not NULL terminated.
Applied, thanks!
On Fri, Apr 27, 2018 at 11:26 AM, Florian Westphal wrote:
> Paolo Abeni wrote:
>> strlcpy() can't be safely used on a user-space provided string,
>> as it can try to read beyond the buffer's end, if the latter is
>> not NULL terminated.
>
> Yes.
>
>> Leveraging the above, syzbot has been able to
Paolo Abeni wrote:
> strlcpy() can't be safely used on a user-space provided string,
> as it can try to read beyond the buffer's end, if the latter is
> not NULL terminated.
Yes.
> Leveraging the above, syzbot has been able to trigger the following
> splat:
>
> BUG: KASAN: stack-out-of-bounds i
