| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Dec 2020 17:11:39 +0800
From: YANG LI <abaci-bugfix@...ux.alibaba.com>
To: tglx@...utronix.de
Cc: qais.yousef@....com, peterz@...radead.org, mpe@...erman.id.au,
bristot@...hat.com, ethp@...co, npiggin@...il.com, arnd@...db.de,
linux-kernel@...r.kernel.org,
YANG LI <abaci-bugfix@...ux.alibaba.com>
Subject: [PATCH] kernel/cpu: fix: use scnprintf or sprintf.
The snprintf() function returns the number of characters which would
have been printed if there were enough space, but the scnprintf()
returns the number of characters which were actually printed. If the
buffer is not large enough, then using snprintf() would result in a
read overflow and an information leak.
Signed-off-by: YANG LI <abaci-bugfix@...ux.alibaba.com>
Reported-by: Abaci <abaci@...ux.alibaba.com>
---
kernel/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/cpu.c b/kernel/cpu.c
index 4e11e91..c123741 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2345,7 +2345,7 @@ static ssize_t show_cpuhp_states(struct device *dev,
{
const char *state = smt_states[cpu_smt_control];
- return snprintf(buf, PAGE_SIZE - 2, "%s\n", state);
+ return scnprintf(buf, PAGE_SIZE - 2, "%s\n", state);
}
static ssize_t
--
1.8.3.1
Powered by blists - more mailing lists