Drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id

There's a bug which passes the output buffer size as MAX_IP_ADDR_SIZE,
when converting the adapter_id field to UTF16. This is much larger than
the actual size (MAX_ADAPTER_ID_SIZE). Fix this by passing the proper
size.

Fortunately, the translation is limited by the length of the input. This
explains why we haven't seen output buffer overflow conditions.

Signed-off-by: Alex Ng <alexng@messages.microsoft.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Alex Ng 2017-08-06 13:12:56 -07:00 committed by Greg Kroah-Hartman
parent c548f3957e
commit ddce54b6a9

View File

@ -304,7 +304,7 @@ static int process_ob_ipinfo(void *in_msg, void *out_msg, int op)
strlen((char *)in->body.kvp_ip_val.adapter_id), strlen((char *)in->body.kvp_ip_val.adapter_id),
UTF16_HOST_ENDIAN, UTF16_HOST_ENDIAN,
(wchar_t *)out->kvp_ip_val.adapter_id, (wchar_t *)out->kvp_ip_val.adapter_id,
MAX_IP_ADDR_SIZE); MAX_ADAPTER_ID_SIZE);
if (len < 0) if (len < 0)
return len; return len;