aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2009-05-13 12:50:40 -0400
committerJames Morris <jmorris@namei.org>2009-05-14 08:23:47 +1000
commitb103387037cea2ba0f04b44d408d54c53f678061 (patch)
tree8c5e1aed3fb6e419596c71eaedbfc91959b63c70 /security
parentd93e4c940f51ae06b59c14523c4d55947f9597d6 (diff)
TPM: get_event_name stack corruption
get_event_name uses sprintf to fill a buffer declared on the stack. It fills the buffer 2 bytes at a time. What the code doesn't take into account is that sprintf(buf, "%02x", data) actually writes 3 bytes. 2 bytes for the data and then it nul terminates the string. Since we declare buf to be 40 characters long and then we write 40 bytes of data into buf sprintf is going to write 41 characters. The fix is to leave room in buf for the nul terminator. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions