| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250419114011.164512-3-thorsten.blum@linux.dev>
Date: Sat, 19 Apr 2025 13:40:11 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Richard Henderson <richard.henderson@...aro.org>,
Matt Turner <mattst88@...il.com>,
Arnd Bergmann <arnd@...db.de>,
Al Viro <viro@...iv.linux.org.uk>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
"Mike Rapoport (Microsoft)" <rppt@...nel.org>,
Guo Weikang <guoweikang.kernel@...il.com>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>,
linux-hardening@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
"Paul E. McKenney" <paulmck@...nel.org>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
linux-alpha@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] alpha: Replace sprintf()/strcpy() with scnprintf()/strscpy()
Replace sprintf() with the safer variant scnprintf() and use its return
value instead of calculating the string length again using strlen().
Use strscpy() instead of the deprecated strcpy().
No functional changes intended.
Link: https://github.com/KSPP/linux/issues/88
Cc: linux-hardening@...r.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
---
arch/alpha/kernel/core_marvel.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/alpha/kernel/core_marvel.c b/arch/alpha/kernel/core_marvel.c
index b1bfbd11980d..d38f4d6759e4 100644
--- a/arch/alpha/kernel/core_marvel.c
+++ b/arch/alpha/kernel/core_marvel.c
@@ -17,6 +17,7 @@
#include <linux/vmalloc.h>
#include <linux/mc146818rtc.h>
#include <linux/rtc.h>
+#include <linux/string.h>
#include <linux/module.h>
#include <linux/memblock.h>
@@ -79,10 +80,12 @@ mk_resource_name(int pe, int port, char *str)
{
char tmp[80];
char *name;
-
- sprintf(tmp, "PCI %s PE %d PORT %d", str, pe, port);
- name = memblock_alloc_or_panic(strlen(tmp) + 1, SMP_CACHE_BYTES);
- strcpy(name, tmp);
+ size_t sz;
+
+ sz = scnprintf(tmp, sizeof(tmp), "PCI %s PE %d PORT %d", str, pe, port);
+ sz += 1; /* NUL terminator */
+ name = memblock_alloc_or_panic(sz, SMP_CACHE_BYTES);
+ strscpy(name, tmp, sz);
return name;
}
--
2.49.0
Powered by blists - more mailing lists