lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 15 Apr 2009 02:13:54 +0200
From:	Frederic Weisbecker <fweisbec@...il.com>
To:	Joe Perches <joe@...ches.com>
Cc:	Ingo Molnar <mingo@...e.hu>, Steven Rostedt <rostedt@...dmis.org>,
	Zhaolei <zhaolei@...fujitsu.com>,
	Tom Zanussi <tzanussi@...il.com>,
	Li Zefan <lizf@...fujitsu.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] vsprintf: introduce %pf

On Tue, Apr 14, 2009 at 05:09:56PM -0700, Joe Perches wrote:
> On Wed, 2009-04-15 at 02:00 +0200, Frederic Weisbecker wrote:
> > diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> > index b56f6d0..15c9094 100644
> > --- a/lib/vsprintf.c
> > +++ b/lib/vsprintf.c
> > @@ -575,12 +575,15 @@ static char *string(char *buf, char *end, char *s, struct printf_spec spec)
> >  }
> >  
> >  static char *symbol_string(char *buf, char *end, void *ptr,
> > -				struct printf_spec spec)
> > +				struct printf_spec spec, char ext)
> >  {
> >  	unsigned long value = (unsigned long) ptr;
> >  #ifdef CONFIG_KALLSYMS
> >  	char sym[KSYM_SYMBOL_LEN];
> > -	sprint_symbol(sym, value);
> > +	if (ext != 'f')
> > +		sprint_symbol(sym, value);
> > +	else
> > +		kallsyms_lookup(value, NULL, NULL, NULL, sym);
> 
> buffer overflow waiting to happen yes?


But a symbol is not supposed to exceed KSYM_SYMBOL_LEN. 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists