From: Ian Abbott <abbotti@mev.co.uk>
Date: Mon, 27 Jun 2011 10:05:39 +0000 (+0100)
Subject: Fix infoleak to userspace.
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=235b6b00c564871680cee0a615761d9bcf6c5043;p=comedi.git

Fix infoleak to userspace.

Following Vasiliy Kulikov <segoon _at_ openwall _dot_ org>'s patch for
the staging sources:

driver_name and board_name are pointers to strings, not buffers of size
COMEDI_NAMELEN.  Copying COMEDI_NAMELEN bytes of a string containing
less than COMEDI_NAMELEN-1 bytes would leak some unrelated bytes.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
---

diff --git a/comedi/comedi_fops.c b/comedi/comedi_fops.c
index b07a34bb..29fbcb34 100644
--- a/comedi/comedi_fops.c
+++ b/comedi/comedi_fops.c
@@ -397,8 +397,8 @@ static int do_devinfo_ioctl(comedi_device * dev, comedi_devinfo * arg,
 	/* fill devinfo structure */
 	devinfo.version_code = COMEDI_VERSION_CODE;
 	devinfo.n_subdevs = dev->n_subdevices;
-	memcpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
-	memcpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
+	strlcpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
+	strlcpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
 
 	if (read_subdev) {
 		devinfo.read_subdevice = read_subdev - dev->subdevices;