kernel_realme_sm7125

Evolution-X-Devices/kernel_realme_sm7125

Files

Simon Horman 7ee0bb24b8 tipc: guard against string buffer overrun

[ Upstream commit 6555a2a9212be6983d2319d65276484f7c5f431a ]

Smatch reports that copying media_name and if_name to name_parts may
overwrite the destination.

 .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16)
 .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16)

This does seem to be the case so guard against this possibility by using
strscpy() and failing if truncation occurs.

Introduced by commit b97bf3fd8f ("[TIPC] Initial merge")

Compile tested only.

Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20240801-tipic-overrun-v2-1-c5b869d1f074@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 8298b6e45fb4d8944f356b08e4ea3e54df5e0488)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>

2025-12-17 19:44:47 +05:30

addr.c

…

addr.h

…

bcast.c

…

bcast.h

…

bearer.c

tipc: guard against string buffer overrun

2025-12-17 19:44:47 +05:30

bearer.h

…

core.c

tipc: fix use-after-free in tipc_bcast_get_mode

2020-11-10 10:29:02 +01:00

core.h

…

discover.c

…

discover.h

…

eth_media.c

…

ib_media.c

…

Kconfig

…

link.c

tipc: Fix potential OOB in tipc_link_proto_rcv()

2025-12-17 11:45:46 +05:30

link.h

…

Makefile

…

monitor.c

tipc: fix shift wrapping bug in map_get()

2025-12-17 01:02:05 +05:30

monitor.h

…

msg.c

tipc: fix UAF in error path

2025-12-17 19:23:03 +05:30

msg.h

…

name_distr.c

tipc: rate limit warning for received illegal binding update

2022-02-16 12:44:51 +01:00

name_distr.h

…

name_table.c

…

name_table.h

…

net.c

…

net.h

…

netlink_compat.c

tipc: Fix kernel-infoleak due to uninitialized TLV value

2025-12-17 19:04:36 +05:30

netlink.c

tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING

2025-12-17 16:10:40 +05:30

netlink.h

…

node.c

tipc: tipc clang warning

2020-01-27 14:46:27 +01:00

node.h

…

server.c

…

server.h

…

socket.c

tipc: improve function tipc_wait_for_cond()

2025-12-17 12:47:46 +05:30

socket.h

…

subscr.c

tipc: fix modprobe tipc failed after switch order of device registration

2019-06-09 09:18:12 +02:00

subscr.h

tipc: fix modprobe tipc failed after switch order of device registration

2019-06-09 09:18:12 +02:00

sysctl.c

tipc: set sysctl_tipc_rmem and named_timeout right range

2020-01-27 14:46:29 +01:00

udp_media.c

tipc: Return non-zero value from tipc_udp_addr2str() on error

2025-12-17 19:37:33 +05:30

udp_media.h

…