Skip to content

Commit f15332e

Browse files
committed
crypto: ccp: Fix for potential memory Out-of-Bounds access due to insufficient array size
In the function 'int sprint_symbol(char *buffer, unsigned long address)', the buffer variable will undergo a write operation "namebuf[KSYM_NAME_LEN - 1] = 0;" during the following call chain. Call Trace: tdm_get_cmd_context_hash -> sprint_symbol -> __sprint_symbol -> kallsyms_lookup_buildid Therefore, it is mandatory to ensure the buffer has a minimum size of KSYM_NAME_LEN. Signed-off-by: chench <chench@hygon.cn>
1 parent ea28d48 commit f15332e

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

drivers/crypto/ccp/hygon/tdm-dev.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -315,7 +315,7 @@ static int tdm_get_cmd_context_hash(uint32_t flag, uint8_t *hash)
315315
#if IS_BUILTIN(CONFIG_CRYPTO_DEV_CCP_DD)
316316
struct module *p_module = NULL;
317317
#elif IS_ENABLED(CONFIG_KALLSYMS)
318-
char symbol_buf[128] = {0};
318+
char symbol_buf[KSYM_NAME_LEN] = {0};
319319
int symbol_len = 0;
320320
char *symbol_begin = NULL;
321321
char *symbol_end = NULL;

0 commit comments

Comments
 (0)