| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Jan 2023 10:31:16 +0100
From: Petr Mladek <pmladek@...e.com>
To: John Ogness <john.ogness@...utronix.de>
Cc: Sergey Senozhatsky <senozhatsky@...omium.org>,
Steven Rostedt <rostedt@...dmis.org>,
coverity-bot <keescook@...omium.org>,
"Gustavo A . R . Silva" <gustavo@...eddedor.com>,
linux-next@...r.kernel.org, linux-hardening@...r.kernel.org,
linux-kernel@...r.kernel.org,
coverity-bot <keescook+coverity-bot@...omium.org>
Subject: Re: [PATCH] printk: Use scnprintf() to print the message about the
dropped messages on a console
On Tue 2023-01-17 17:10:31, Petr Mladek wrote:
> Use scnprintf() for printing the message about dropped messages on
> a console. It returns the really written length of the message.
> It prevents potential buffer overflow when the returned length is
> later used to copy the buffer content.
>
> Note that the previous code was safe because the scratch buffer was
> big enough and the message always fit in. But scnprintf() makes
> it more safe, definitely.
>
> Reported-by: coverity-bot <keescook+coverity-bot@...omium.org>
> Addresses-Coverity-ID: 1530570 ("Memory - corruptions")
> Fixes: c4fcc617e148 ("printk: introduce console_prepend_dropped() for dropped messages")
> Link: https://lore.kernel.org/r/202301131544.D9E804CCD@keescook
> Signed-off-by: Petr Mladek <pmladek@...e.com>
JFYI, the patch has been comitted into printk/linux.git,
branch rework/buffers-cleanup.
Best Regards,
Petr
Powered by blists - more mailing lists