forked from luck/tmp_suning_uos_patched
Drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id
There's a bug which passes the output buffer size as MAX_IP_ADDR_SIZE, when converting the adapter_id field to UTF16. This is much larger than the actual size (MAX_ADAPTER_ID_SIZE). Fix this by passing the proper size. Fortunately, the translation is limited by the length of the input. This explains why we haven't seen output buffer overflow conditions. Signed-off-by: Alex Ng <alexng@messages.microsoft.com> Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
c548f3957e
commit
ddce54b6a9
|
@ -304,7 +304,7 @@ static int process_ob_ipinfo(void *in_msg, void *out_msg, int op)
|
||||||
strlen((char *)in->body.kvp_ip_val.adapter_id),
|
strlen((char *)in->body.kvp_ip_val.adapter_id),
|
||||||
UTF16_HOST_ENDIAN,
|
UTF16_HOST_ENDIAN,
|
||||||
(wchar_t *)out->kvp_ip_val.adapter_id,
|
(wchar_t *)out->kvp_ip_val.adapter_id,
|
||||||
MAX_IP_ADDR_SIZE);
|
MAX_ADAPTER_ID_SIZE);
|
||||||
if (len < 0)
|
if (len < 0)
|
||||||
return len;
|
return len;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user