| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140423090904.GV26890@mwanda> Date: Wed, 23 Apr 2014 12:09:04 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: Michalis Pappas <mpappas@...tmail.fm> Cc: devel@...verdev.osuosl.org, Greg KH <gregkh@...uxfoundation.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3 0/3] staging: gdm72xx: Minor cleanup On Wed, Apr 23, 2014 at 12:05:57PM +0300, Dan Carpenter wrote: > On Wed, Apr 23, 2014 at 04:49:26PM +0800, Michalis Pappas wrote: > > Hi Dan, thanks for looking at this. From the above snippet I realize > > that I wasn't aware of the strict flag, so significantly less errors > > were produced. > > > > The issues I was referring to as pedantic are: > > > > WARNING: unchecked sscanf return value > > #296: FILE: gdm_wimax.c:296: > > + sscanf(e->dev->name, "wm%d", &idx); > > > > does this really need to be checked? > > Just check it. The code as is looks like a information leak (security > vulnerability) until you realize that e->dev->name is probably a known, > trusted string. Btw, we saw a "fix" for this earlier which just printed an error message. Don't do that. Assume that static checkers will soon start complaining about the info leak instead of just looking at sscanf(). regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists