| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Apr 2021 13:54:24 -0600
From: Khalid Aziz <khalid@...ehiking.org>
To: "Maciej W. Rozycki" <macro@...am.me.uk>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>
Cc: Christoph Hellwig <hch@....de>, linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/5] scsi: BusLogic: Avoid unbounded `vsprintf' use
On 4/14/21 4:39 PM, Maciej W. Rozycki wrote:
> Existing `blogic_msg' invocations do not appear to overrun its internal
> buffer of a fixed length of 100, which would cause stack corruption, but
> it's easy to miss with possible further updates and a fix is cheap in
> performance terms, so limit the output produced into the buffer by using
> `vsnprintf' rather than `vsprintf'.
>
> Signed-off-by: Maciej W. Rozycki <macro@...am.me.uk>
> ---
> drivers/scsi/BusLogic.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> linux-buslogic-vsnprintf.diff
> Index: linux-macro-ide/drivers/scsi/BusLogic.c
> ===================================================================
> --- linux-macro-ide.orig/drivers/scsi/BusLogic.c
> +++ linux-macro-ide/drivers/scsi/BusLogic.c
> @@ -3588,7 +3588,7 @@ static void blogic_msg(enum blogic_msgle
> int len = 0;
>
> va_start(args, adapter);
> - len = vsprintf(buf, fmt, args);
> + len = vsnprintf(buf, sizeof(buf), fmt, args);
> va_end(args);
> if (msglevel == BLOGIC_ANNOUNCE_LEVEL) {
> static int msglines = 0;
>
As Maciej explained in other email that snprintf() does null-terminate
the string, I think this change is fine.
Acked-by: Khalid Aziz <khalid@...ehiking.org>
Powered by blists - more mailing lists