On Wed, 14 May 2025 12:12:55 +0000, Vladimir Moskovkin wrote:
If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.
Add a check for an empty string.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[...]
Thank you for your contribution, it has been applied to my local review-ilpo-fixes branch. Note it will show up in the public platform-drivers-x86/review-ilpo-fixes branch only once I've pushed my local branch there, which might take a while.
The list of commits applied: [1/1] platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() commit: 4e89a4077490f52cde652d17e32519b666abf3a6
-- i.