telephony: ijx: buffer overflow in ixj_write_cid()
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 3 Dec 2012 19:05:12 +0000 (22:05 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 17 Dec 2012 18:37:44 +0000 (10:37 -0800)
commit2ee75ba7f69754ee04e723b037b15715c0483d50
treee99b44ee390ca80d70fbebcba4c79ff229a1d8f4
parent5678ad746ce7654007d3fd521015ff93ef907747
telephony: ijx: buffer overflow in ixj_write_cid()

[Not needed in 3.8 or newer as this driver is removed there. - gregkh]

We get this from user space and nothing has been done to ensure that
these strings are NUL terminated.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/telephony/ixj.c