| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190927152315.GE5610@atomide.com>
Date: Fri, 27 Sep 2019 08:23:15 -0700
From: Tony Lindgren <tony@...mide.com>
To: Stephen Kitt <steve@....org>
Cc: Tero Kristo <t-kristo@...com>,
Michael Turquette <mturquette@...libre.com>,
Stephen Boyd <sboyd@...nel.org>, linux-omap@...r.kernel.org,
linux-clk@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] clk/ti/adpll: allocate room for terminating null
* Stephen Kitt <steve@....org> [190927 15:13]:
> The buffer allocated in ti_adpll_clk_get_name doesn't account for the
> terminating null. This patch adds the extra byte, and switches to
> snprintf to avoid overflowing.
>
> Signed-off-by: Stephen Kitt <steve@....org>
> ---
> drivers/clk/ti/adpll.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/clk/ti/adpll.c b/drivers/clk/ti/adpll.c
> index fdfb90058504..27933c4e8a27 100644
> --- a/drivers/clk/ti/adpll.c
> +++ b/drivers/clk/ti/adpll.c
> @@ -196,12 +196,13 @@ static const char *ti_adpll_clk_get_name(struct ti_adpll_data *d,
> } else {
> const char *base_name = "adpll";
> char *buf;
> + size_t size = 8 + 1 + strlen(base_name) + 1 +
> + strlen(postfix) + 1;
>
> - buf = devm_kzalloc(d->dev, 8 + 1 + strlen(base_name) + 1 +
> - strlen(postfix), GFP_KERNEL);
> + buf = devm_kzalloc(d->dev, size, GFP_KERNEL);
> if (!buf)
> return NULL;
> - sprintf(buf, "%08lx.%s.%s", d->pa, base_name, postfix);
> + snprintf(buf, size, "%08lx.%s.%s", d->pa, base_name, postfix);
> name = buf;
> }
>
Thanks for catching this. Maybe just use devm_kasprintf() here?
Regards,
Tony
Powered by blists - more mailing lists