Revert "of: fix of_property_read_string"

This reverts commit 9c3d11c6a2f1e86927cd762dfaa696c82def8e95. That commit was merged too hastily with improper review, and is not only the wrong fix, but it appears to allow malformed device trees to propagate non-NULL-terminated strings into the kernel which can result in kernel code accessing beyond the end of the string. Upstream discussion at https://www.mail-archive.com/devicetree@vger.kernel.org/msg68463.html Change-Id: I418b29bea7e8e088e1c54c49896264616eed1b83 Reviewed-on: http://git.am.freescale.net:8181/34776 Reviewed-by: Stuart Yoder <stuart.yoder@freescale.com> Tested-by: Honghua Yin <Hong-Hua.Yin@freescale.com> Reviewed-by: Honghua Yin <Hong-Hua.Yin@freescale.com>
author: Scott Wood <scottwood@freescale.com> 2015-04-10 22:57:34 (GMT)
committer: Honghua Yin <Hong-Hua.Yin@freescale.com> 2015-04-14 00:37:28 (GMT)
commit: e306143c7e4d57c3b792e66fb8f581c37c6b85eb (patch)
tree: 7f45537114ecfc260a3855c5e339491f4cce41ef /drivers/of
parent: eba037730dfa5ae63be4f733b79f4746686ea5e3 (diff)
download: linux-fsl-qoriq-e306143c7e4d57c3b792e66fb8f581c37c6b85eb.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/of/base.c b/drivers/of/base.c
index 17fcc72..6c18ab2 100644
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -1049,6 +1049,8 @@ int of_property_read_string(struct device_node *np, const char *propname,
 		return -EINVAL;
 	if (!prop->value)
 		return -ENODATA;
+	if (strnlen(prop->value, prop->length) >= prop->length)
+		return -EILSEQ;
 	*out_string = prop->value;
 	return 0;
 }
author	Scott Wood <scottwood@freescale.com>	2015-04-10 22:57:34 (GMT)
committer	Honghua Yin <Hong-Hua.Yin@freescale.com>	2015-04-14 00:37:28 (GMT)
commit	e306143c7e4d57c3b792e66fb8f581c37c6b85eb (patch)
tree	7f45537114ecfc260a3855c5e339491f4cce41ef /drivers/of
parent	eba037730dfa5ae63be4f733b79f4746686ea5e3 (diff)
download	linux-fsl-qoriq-e306143c7e4d57c3b792e66fb8f581c37c6b85eb.tar.xz