This is a note to let you know that I've just added the patch titled

siox: fix possible buffer overflow in device_add_store

to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...

The filename of the patch is: siox-fix-possible-buffer-overflow-in-device_add_store.patch and it can be found in the queue-4.16 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.

From f87deada80fe483e2286e29cd866dc66ddc2b6bc Mon Sep 17 00:00:00 2001

From: Gavin Schenk g.schenk@eckelmann.de Date: Wed, 14 Feb 2018 15:25:02 +0100 Subject: siox: fix possible buffer overflow in device_add_store MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit

From: Gavin Schenk g.schenk@eckelmann.de

commit f87deada80fe483e2286e29cd866dc66ddc2b6bc upstream.

Width 20 given in format string is larger than destination buffer 'type[20]', use %19s to prevent overflowing it.

Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX") Cc: stable stable@vger.kernel.org Reported-by: David Binderman dcb314@hotmail.com Signed-off-by: Gavin Schenk g.schenk@eckelmann.de Reviewed-by: Uwe Kleine-König u.kleine-koenig@pengutronix.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org

--- drivers/siox/siox-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/siox/siox-core.c +++ b/drivers/siox/siox-core.c @@ -594,7 +594,7 @@ static ssize_t device_add_store(struct d size_t inbytes = 0, outbytes = 0; u8 statustype = 0;

- ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes, + ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes, &outbytes, &statustype); if (ret != 3 && ret != 4) return -EINVAL;

Patches currently in stable-queue which might be from g.schenk@eckelmann.de are

queue-4.16/siox-fix-possible-buffer-overflow-in-device_add_store.patch