telephony: ijx: buffer overflow in ixj_write_cid()
authorDan Carpenter <dan.carpenter@oracle.com>
Mon, 3 Dec 2012 19:05:12 +0000 (22:05 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 17 Dec 2012 19:06:53 +0000 (11:06 -0800)
commit83c9bff26b4445bfaebbe9317d4ad73f69c68fe6
treefa63ff44ac029b08693b3ca4cbe1207645190ad3
parentec92de46a243f6d014c8c42276b4b0cd72c4c9c5
telephony: ijx: buffer overflow in ixj_write_cid()

[Not needed in 3.8 or newer as this driver is removed there. - gregkh]

We get this from user space and nothing has been done to ensure that
these strings are NUL terminated.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/telephony/ixj.c