| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Mar 2011 09:21:41 -0500 From: chenliu@...et.uwaterloo.ca To: schwidefsky@...ibm.com, heiko.carstens@...ibm.com, linux-kernel@...r.kernel.org Subject: [PATCH 2/2]early: fix possible overlapping data buffer This patch fixes bugzilla #12965: https://bugzilla.kernel.org/show_bug.cgi?id=12965 The original code contains dangerous uses of sprintf functions like sprintf(defsys_cmd, "%s EW MINSIZE=%.7iK PARMREGS=0-13", defsys_cmd, min_size), where defsys_cmd is defined as a fixed length buffer. Replace them with snprintf can fix such issues. Signed-off-by: Chen Liu <chenliunju@...il.com> --- arch/s390/kernel/early.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kernel/early.c b/arch/s390/kernel/early.c --- a/arch/s390/kernel/early.c 2010-09-04 23:28:51.706415118 -0400 +++ b/arch/s390/kernel/early.c 2011-03-03 23:22:54.437040630 -0500 @@ -138,8 +138,8 @@ static noinline __init void create_kerne } #endif - sprintf(defsys_cmd, "%s EW MINSIZE=%.7iK PARMREGS=0-13", - defsys_cmd, min_size); + snprintf(defsys_cmd, sizeof(defsys_cmd), + "%s EW MINSIZE=%.7iK PARMREGS=0-13", defsys_cmd, min_size); sprintf(savesys_cmd, "SAVESYS %s \n IPL %s", kernel_nss_name, kernel_nss_name); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists