lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jan 2016 11:52:47 -0800 From: Stephen Boyd <sboyd@...eaurora.org> To: Viresh Kumar <viresh.kumar@...aro.org> Cc: Rafael Wysocki <rjw@...ysocki.net>, linaro-kernel@...ts.linaro.org, linux-pm@...r.kernel.org, Geert Uytterhoeven <geert@...ux-m68k.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Len Brown <len.brown@...el.com>, open list <linux-kernel@...r.kernel.org>, Nishanth Menon <nm@...com>, Pavel Machek <pavel@....cz>, Viresh Kumar <vireshk@...nel.org> Subject: Re: [PATCH] PM / OPP: Use snprintf() instead of sprintf() On 01/05, Viresh Kumar wrote: > sprintf() can access memory outside of the range of the character array, > and is risky in some situations. The driver specified prop_name string > can be longer than NAME_MAX here (only an attacker will do that though) > and so blindly copying it into the character array of size NAME_MAX > isn't safe. Instead we must use snprintf() here. > > Reported-by: Geert Uytterhoeven <geert@...ux-m68k.org> > Signed-off-by: Viresh Kumar <viresh.kumar@...aro.org> > --- Acked-by: Stephen Boyd <sboyd@...eaurora.org> -- Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists