| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Jan 2016 14:05:30 -0500 From: Insu Yun <wuninsu@...il.com> To: matt@...eblueprint.co.uk, linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org Cc: taesoo@...ech.edu, yeongjin.jang@...ech.edu, insu@...ech.edu, changwoo@...ech.edu, Insu Yun <wuninsu@...il.com> Subject: [PATCH] efi: fix out-of-bounds null overwrite vulnerability snprintf's return value is not bound by size value. (https://www.kernel.org/doc/htmldocs/kernel-api/API-snprintf.html) if printed value is larger than buffer size, it can overwrite null byte in out-of-bounds buffer. Signed-off-by: Insu Yun <wuninsu@...il.com> --- drivers/firmware/efi/cper.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c index d425374..77aa75f 100644 --- a/drivers/firmware/efi/cper.c +++ b/drivers/firmware/efi/cper.c @@ -267,7 +267,6 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg) "DIMM location: not present. DMI handle: 0x%.4x ", mem->mem_dev_handle); - msg[n] = '\0'; return n; } -- 1.9.1
Powered by blists - more mailing lists