[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1608628299-124339-1-git-send-email-abaci-bugfix@linux.alibaba.com>
Date: Tue, 22 Dec 2020 17:11:39 +0800
From: YANG LI <abaci-bugfix@...ux.alibaba.com>
To: tglx@...utronix.de
Cc: qais.yousef@....com, peterz@...radead.org, mpe@...erman.id.au,
bristot@...hat.com, ethp@...co, npiggin@...il.com, arnd@...db.de,
linux-kernel@...r.kernel.org,
YANG LI <abaci-bugfix@...ux.alibaba.com>
Subject: [PATCH] kernel/cpu: fix: use scnprintf or sprintf.
The snprintf() function returns the number of characters which would
have been printed if there were enough space, but the scnprintf()
returns the number of characters which were actually printed. If the
buffer is not large enough, then using snprintf() would result in a
read overflow and an information leak.
Signed-off-by: YANG LI <abaci-bugfix@...ux.alibaba.com>
Reported-by: Abaci <abaci@...ux.alibaba.com>
---
kernel/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/cpu.c b/kernel/cpu.c
index 4e11e91..c123741 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2345,7 +2345,7 @@ static ssize_t show_cpuhp_states(struct device *dev,
{
const char *state = smt_states[cpu_smt_control];
- return snprintf(buf, PAGE_SIZE - 2, "%s\n", state);
+ return scnprintf(buf, PAGE_SIZE - 2, "%s\n", state);
}
static ssize_t
--
1.8.3.1
Powered by blists - more mailing lists