| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170317013748.GC10905@kroah.com>
Date: Fri, 17 Mar 2017 10:37:48 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Shuah Khan <shuah@...nel.org>
Cc: Jonathan Dieter <jdieter@...bg.com>, linux-kernel@...r.kernel.org,
Krzysztof Opasiak <k.opasiak@...sung.com>,
Valentina Manea <valentina.manea.m@...il.com>,
Peter Senna Tschudin <peter.senna@...il.com>,
"open list:USB OVER IP DRIVER" <linux-usb@...r.kernel.org>
Subject: Re: [PATCH v4 1/2] usbip: Fix-format-overflow
On Thu, Mar 16, 2017 at 09:04:54AM -0600, Shuah Khan wrote:
> On 02/27/2017 01:31 AM, Jonathan Dieter wrote:
> > The usbip userspace tools call sprintf()/snprintf() and don't check for
> > the return value which can lead the paths to overflow, truncating the
> > final file in the path.
> >
> > More urgently, GCC 7 now warns that these aren't checked with
> > -Wformat-overflow, and with -Werror enabled in configure.ac, that makes
> > these tools unbuildable.
> >
> > This patch fixes these problems by replacing sprintf() with snprintf() in
> > one place and adding checks for the return value of snprintf().
> >
> > Reviewed-by: Peter Senna Tschudin <peter.senna@...il.com>
> > Signed-off-by: Jonathan Dieter <jdieter@...bg.com>
>
> Greg,
>
> Please pick this up.
>
> Acked-by: Shuah Khan <shuahkh@....samsung.com>
Thanks, still digging through USB patches...
Powered by blists - more mailing lists