Message-ID: <yq1poxchjfh.fsf@sermon.lab.mkp.net>
Date: Thu, 07 Jan 2016 21:52:18 -0500
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: Insu Yun <wuninsu@...il.com>
Cc: brking@...ibm.com, JBottomley@...n.com, martin.petersen@...cle.com,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
taesoo@...ech.edu, yeongjin.jang@...ech.edu, insu@...ech.edu,
changwoo@...ech.edu, Shane Seymour <shane.seymour@....com>
Subject: Re: [PATCH v3] ipr: fix out-of-bounds null overwrite
>>>>> "Insu" == Insu Yun <wuninsu@...il.com> writes:
Insu> Return value of snprintf is not bound by size value, 2nd argument.
Insu> (https://www.kernel.org/doc/htmldocs/kernel-api/API-snprintf.html).
Insu> Return value is number of printed chars, can be larger than 2nd
Insu> argument. Therefore, it can write null byte out of bounds
Insu> of buffer. Since snprintf puts null, it does not need to put
Insu> additional null byte.
Applied to 4.5/scsi-queue.
--
Martin K. Petersen Oracle Linux Engineering
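
Added example, not part of the original message and not the ipr driver's code: a user-space C demonstration of the snprintf return-value behaviour the quoted commit message describes, next to a bounded wrapper. The function names, the 8-byte buffer and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Index at which the flawed pattern
 *     len = snprintf(buf, size, ...); buf[len] = '\0';
 * would store its extra terminator. Only computed here, never written. */
static size_t unchecked_nul_index(char *buf, size_t size, const char *src)
{
    int n = snprintf(buf, size, "%s", src); /* length the full output needs */
    return n < 0 ? 0 : (size_t)n;           /* can be >= size on truncation */
}

/* Hardened form: keep snprintf's own terminator and return the number of
 * characters actually stored, the semantics of the kernel's scnprintf(). */
static size_t bounded_format(char *buf, size_t size, const char *src)
{
    int n;

    if (size == 0)
        return 0;
    n = snprintf(buf, size, "%s", src);
    if (n < 0) {
        buf[0] = '\0';
        return 0;
    }
    return (size_t)n >= size ? size - 1 : (size_t)n;
}

int main(void)
{
    char buf[8];                                /* constructed sample buffer */
    const char *input = "0123456789ABCDEF";     /* constructed 16-char input */
    size_t idx = unchecked_nul_index(buf, sizeof(buf), input);

    printf("stored \"%s\" (%zu chars), extra NUL would land at index %zu of %zu\n",
           buf, strlen(buf), idx, sizeof(buf));
    printf("bounded length: %zu\n", bounded_format(buf, sizeof(buf), input));
    return 0;
}
```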