[lvc-project] [PATCH] platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
Vladimir Moskovkin
Vladimir.Moskovkin at kaspersky.com
Wed May 14 15:12:55 MSK 2025
If the 'buf' array received from the user contains an empty string, the
'length' variable will be zero. Accessing the 'buf' array element with
index 'length - 1' will result in a buffer overflow.
Add a check for an empty string.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: e8a60aa7404b ("platform/x86: Introduce support for Systems Management Driver over WMI for Dell Systems")
Cc: stable at vger.kernel.org
Signed-off-by: Vladimir Moskovkin <Vladimir.Moskovkin at kaspersky.com>
---
drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c b/drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c
index 230e6ee96636..d8f1bf5e58a0 100644
--- a/drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c
+++ b/drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c
@@ -45,7 +45,7 @@ static ssize_t current_password_store(struct kobject *kobj,
int length;
length = strlen(buf);
- if (buf[length-1] == '\n')
+ if (length && buf[length - 1] == '\n')
length--;
/* firmware does verifiation of min/max password length,
--
2.25.1
More information about the lvc-project
mailing list