lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Feb 2018 15:25:02 +0100 From: Gavin Schenk <g.schenk@...elmann.de> To: <linux-kernel@...r.kernel.org>, <gregkh@...uxfoundation.org> CC: <kernel@...gutronix.de>, <dcb314@...mail.com>, Gavin Schenk <g.schenk@...elmann.de> Subject: [PATCH] siox: fix possible buffer overflow in device_add_store Width 20 given in format string is larger than destination buffer 'type[20]', use %19s to prevent overflowing it. Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX") Reported-by: David Binderman <dcb314@...mail.com> Signed-off-by: Gavin Schenk <g.schenk@...elmann.de> --- drivers/siox/siox-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/siox/siox-core.c b/drivers/siox/siox-core.c index fdfcdea25867..16590dfaafa4 100644 --- a/drivers/siox/siox-core.c +++ b/drivers/siox/siox-core.c @@ -594,7 +594,7 @@ static ssize_t device_add_store(struct device *dev, size_t inbytes = 0, outbytes = 0; u8 statustype = 0; - ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes, + ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes, &outbytes, &statustype); if (ret != 3 && ret != 4) return -EINVAL; -- 2.15.1 -- Eckelmann AG Vorstand: Dipl.-Ing. Peter Frankenbach (Sprecher) Dipl.-Wi.-Ing. Philipp Eckelmann Dr.-Ing. Marco Münchhof Dr.-Ing. Frank Uhlemann Vorsitzender des Aufsichtsrats: Hubertus G. Krossa Stv. Vorsitzender des Aufsichtsrats: Dr.-Ing. Gerd Eckelmann Sitz der Gesellschaft: Berliner Str. 161, 65205 Wiesbaden, Amtsgericht Wiesbaden HRB 12636 http://www.eckelmann.de
Powered by blists - more mailing lists