Date: Fri, 08 Jan 2016 01:48:39 +0100 From: "Rafael J. Wysocki" <rjw@...ysocki.net> To: Viresh Kumar <viresh.kumar@...aro.org> Cc: linaro-kernel@...ts.linaro.org, linux-pm@...r.kernel.org, Geert Uytterhoeven <geert@...ux-m68k.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Len Brown <len.brown@...el.com>, open list <linux-kernel@...r.kernel.org>, Nishanth Menon <nm@...com>, Pavel Machek <pavel@....cz>, Stephen Boyd <sboyd@...eaurora.org>, Viresh Kumar <vireshk@...nel.org> Subject: Re: [PATCH] PM / OPP: Use snprintf() instead of sprintf() On Tuesday, January 05, 2016 04:15:54 PM Viresh Kumar wrote: > sprintf() can access memory outside of the range of the character array, > and is risky in some situations. The driver specified prop_name string > can be longer than NAME_MAX here (only an attacker will do that though) > and so blindly copying it into the character array of size NAME_MAX > isn't safe. Instead we must use snprintf() here. > > Reported-by: Geert Uytterhoeven <geert@...ux-m68k.org> > Signed-off-by: Viresh Kumar <viresh.kumar@...aro.org> Applied, thanks! > --- > drivers/base/power/opp/core.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c > index cd230c63aee6..cf351d3dab1c 100644 > --- a/drivers/base/power/opp/core.c > +++ b/drivers/base/power/opp/core.c > @@ -808,7 +808,8 @@ static int opp_parse_supplies(struct dev_pm_opp *opp, struct device *dev, > > /* Search for "opp-microvolt-<name>" */ > if (dev_opp->prop_name) { > - sprintf(name, "opp-microvolt-%s", dev_opp->prop_name); > + snprintf(name, sizeof(name), "opp-microvolt-%s", > + dev_opp->prop_name); > prop = of_find_property(opp->np, name, NULL); > } 
> > @@ -849,7 +850,8 @@ static int opp_parse_supplies(struct dev_pm_opp *opp, struct device *dev, > /* Search for "opp-microamp-<name>" */ > prop = NULL; > if (dev_opp->prop_name) { > - sprintf(name, "opp-microamp-%s", dev_opp->prop_name); > + snprintf(name, sizeof(name), "opp-microamp-%s", > + dev_opp->prop_name); > prop = of_find_property(opp->np, name, NULL); > } > > -- I speak only for myself. Rafael J. Wysocki, Intel Open Source Technology Center.
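Review bot: In the first hunk the return value of snprintf(name, sizeof(name), "opp-microvolt-%s", ...) is ignored, so an over-long prop_name is silently truncated and the truncated string is then handed to of_find_property(). The out-of-bounds write is closed, but the lookup now runs on a name the driver never asked for: it either fails with no indication of why, or matches a different property that happens to share the truncated prefix. The kernel snprintf() returns the length the full string would have needed, so suggest comparing that return value against sizeof(name) and returning an error when it is greater than or equal, rather than proceeding with the lookup.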
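Review bot: The second hunk repeats the same unchecked snprintf() for "opp-microamp-%s" with the same dev_opp->prop_name, so the truncation case would have to be handled at two call sites inside opp_parse_supplies(). Consider validating the length of prop_name once, either before the first lookup or at the point where prop_name is set, sized against the longer of the two prefixes ("opp-microvolt-"), so that both formatted names are known to fit in name and neither lookup can run on a truncated string.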