lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGXu5jKgGvD8DkVptiDPeQmPECDVJEhLJJjp0ZtnE3dqm6hE1A@mail.gmail.com>
Date:	Tue, 6 Jan 2015 11:13:38 -0800
From:	Kees Cook <keescook@...omium.org>
To:	Mark Salyzyn <salyzyn@...roid.com>
Cc:	LKML <linux-kernel@...r.kernel.org>, Joe Perches <joe@...ches.com>,
	Anton Vorontsov <anton@...msg.org>,
	Colin Cross <ccross@...roid.com>,
	Tony Luck <tony.luck@...el.com>
Subject: Re: [PATCH v2 1/3] pstore: use scnprintf

On Tue, Jan 6, 2015 at 9:48 AM, Mark Salyzyn <salyzyn@...roid.com> wrote:
> No guarantees that the names will not exceed the
> name buffer with future adjustments.
>
> Signed-off-by: Mark Salyzyn <salyzyn@...roid.com>

Acked-by: Kees Cook <keescook@...omium.org>

Thanks!

-Kees

> ---
>  fs/pstore/inode.c | 23 +++++++++++++----------
>  1 file changed, 13 insertions(+), 10 deletions(-)
>
> diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
> index 5041660..1948567 100644
> --- a/fs/pstore/inode.c
> +++ b/fs/pstore/inode.c
> @@ -338,32 +338,35 @@ int pstore_mkfile(enum pstore_type_id type, char *psname, u64 id, int count,
>
>         switch (type) {
>         case PSTORE_TYPE_DMESG:
> -               sprintf(name, "dmesg-%s-%lld%s", psname, id,
> -                                               compressed ? ".enc.z" : "");
> +               scnprintf(name, sizeof(name), "dmesg-%s-%lld%s",
> +                         psname, id, compressed ? ".enc.z" : "");
>                 break;
>         case PSTORE_TYPE_CONSOLE:
> -               sprintf(name, "console-%s-%lld", psname, id);
> +               scnprintf(name, sizeof(name), "console-%s-%lld", psname, id);
>                 break;
>         case PSTORE_TYPE_FTRACE:
> -               sprintf(name, "ftrace-%s-%lld", psname, id);
> +               scnprintf(name, sizeof(name), "ftrace-%s-%lld", psname, id);
>                 break;
>         case PSTORE_TYPE_MCE:
> -               sprintf(name, "mce-%s-%lld", psname, id);
> +               scnprintf(name, sizeof(name), "mce-%s-%lld", psname, id);
>                 break;
>         case PSTORE_TYPE_PPC_RTAS:
> -               sprintf(name, "rtas-%s-%lld", psname, id);
> +               scnprintf(name, sizeof(name), "rtas-%s-%lld", psname, id);
>                 break;
>         case PSTORE_TYPE_PPC_OF:
> -               sprintf(name, "powerpc-ofw-%s-%lld", psname, id);
> +               scnprintf(name, sizeof(name), "powerpc-ofw-%s-%lld",
> +                         psname, id);
>                 break;
>         case PSTORE_TYPE_PPC_COMMON:
> -               sprintf(name, "powerpc-common-%s-%lld", psname, id);
> +               scnprintf(name, sizeof(name), "powerpc-common-%s-%lld",
> +                         psname, id);
>                 break;
>         case PSTORE_TYPE_UNKNOWN:
> -               sprintf(name, "unknown-%s-%lld", psname, id);
> +               scnprintf(name, sizeof(name), "unknown-%s-%lld", psname, id);
>                 break;
>         default:
> -               sprintf(name, "type%d-%s-%lld", type, psname, id);
> +               scnprintf(name, sizeof(name), "type%d-%s-%lld",
> +                         type, psname, id);
>                 break;
>         }
>
> --
> 2.2.0.rc0.207.ga3a616c
>



-- 
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ