Open Source and information security mailing list archives
 
Date:   Sun, 22 Mar 2020 15:53:44 +0800
From:   Qiujun Huang <anenbupt@...il.com>
To:     syzbot <syzbot+df767d588771697b0433@...kaller.appspotmail.com>
Cc:     andreyknvl@...gle.com, devel@...verdev.osuosl.org,
        gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
        linux-usb@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        tranmanphong@...il.com
Subject: Re: WARNING in hwahc_probe

The return value of snprintf is longer than expected if the string is
truncated. Bytes need to be checked here.

diff --git a/drivers/staging/wusbcore/host/hwa-hc.c
b/drivers/staging/wusbcore/host/hwa-hc.c
index 8d959e9..1475a48 100644
--- a/drivers/staging/wusbcore/host/hwa-hc.c
+++ b/drivers/staging/wusbcore/host/hwa-hc.c
@@ -680,10 +680,12 @@ static int hwahc_security_create(struct hwahc *hwahc)
                        break;
                }
                itr += etd->bLength;
-               bytes += snprintf(buf + bytes, sizeof(buf) - bytes,
-                                 "%s (0x%02x) ",
-                                 wusb_et_name(etd->bEncryptionType),
-                                 etd->bEncryptionValue);
+
+               if (sizeof(buf) > bytes)
+                       bytes += snprintf(buf + bytes, sizeof(buf) - bytes,
+                                       "%s (0x%02x) ",
+                                       wusb_et_name(etd->bEncryptionType),
+                                       etd->bEncryptionValue);
                wusbhc->ccm1_etd = etd;
        }
        dev_info(dev, "supported encryption types: %s\n", buf);
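Review bot: The `if (sizeof(buf) > bytes)` guard added inside the loop keeps the `sizeof(buf) - bytes` size argument from wrapping, but `bytes` still accumulates snprintf()'s would-be length, so after a truncating call it no longer describes what is in `buf`, and any later use of `bytes` as an offset would need the same guard. Switching the call to `scnprintf()`, which returns the number of characters actually stored (excluding the terminating NUL), keeps `bytes` below `sizeof(buf)` by construction and makes the guard unnecessary: `bytes += scnprintf(buf + bytes, sizeof(buf) - bytes,` with the remaining argument lines unchanged. The blank `+` line added before the `if` can be dropped, and since truncation is silent, the "supported encryption types" line printed by `dev_info()` may be incomplete with no indication to the reader of the log.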
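The snprintf() behaviour the message describes, shown as an added userspace illustration (not code from the patch or the driver): the first helper uses the guarded loop shape, the second counts only what was stored, which is what the kernel's scnprintf() returns. The sample names and values, the 20-byte buffer and both helper functions are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data; placeholders, not values from the driver. */
static const char *const names[] = { "TYPE_A", "TYPE_B", "TYPE_C" };
static const unsigned vals[] = { 0x01, 0x02, 0x03 };

/* Loop shape with snprintf() plus a "size > bytes" guard.
 * Returns the accumulated count, which can exceed size after truncation. */
static size_t append_guarded(char *buf, size_t size)
{
    size_t bytes = 0;
    for (size_t i = 0; i < 3; i++) {
        if (size > bytes) {
            int n = snprintf(buf + bytes, size - bytes,
                             "%s (0x%02x) ", names[i], vals[i]);
            if (n > 0)
                bytes += (size_t)n;   /* would-be length, not stored length */
        }
    }
    return bytes;
}

/* Same loop with scnprintf()-style accounting: count only stored characters,
 * so bytes never exceeds size - 1. Assumes size >= 1. */
static size_t append_bounded(char *buf, size_t size)
{
    size_t bytes = 0;
    for (size_t i = 0; i < 3; i++) {
        size_t room = size - bytes;   /* always >= 1 here */
        int n = snprintf(buf + bytes, room, "%s (0x%02x) ", names[i], vals[i]);
        if (n > 0)
            bytes += ((size_t)n >= room) ? room - 1 : (size_t)n;
    }
    return bytes;
}

int main(void)
{
    char a[20], b[20];
    size_t ga = append_guarded(a, sizeof(a));
    size_t gb = append_bounded(b, sizeof(b));
    printf("guarded: bytes=%zu strlen=%zu \"%s\"\n", ga, strlen(a), a);
    printf("bounded: bytes=%zu strlen=%zu \"%s\"\n", gb, strlen(b), b);
    /* Without the guard, the next size argument would be this wrapped value. */
    printf("sizeof(buf) - bytes = %zu\n", sizeof(a) - ga);
    return 0;
}
```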
