| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210422143956.CF11CC43217@smtp.codeaurora.org>
Date: Thu, 22 Apr 2021 14:39:56 +0000 (UTC)
From: Kalle Valo <kvalo@...eaurora.org>
To: Colin King <colin.king@...onical.com>
Cc: "David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Arnd Bergmann <arnd@...db.de>, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org, kernel-janitors@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next][V2] wlcore: Fix buffer overrun by snprintf due to
incorrect buffer size
Colin King <colin.king@...onical.com> wrote:
> From: Colin Ian King <colin.king@...onical.com>
>
> The size of the buffer than can be written to is currently incorrect, it is
> always the size of the entire buffer even though the snprintf is writing
> as position pos into the buffer. Fix this by setting the buffer size to be
> the number of bytes left in the buffer, namely sizeof(buf) - pos.
>
> Addresses-Coverity: ("Out-of-bounds access")
> Fixes: 7b0e2c4f6be3 ("wlcore: fix overlapping snprintf arguments in debugfs")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> Reviewed-by: Arnd Bergmann <arnd@...db.de>
Patch applied to wireless-drivers-next.git, thanks.
a9a4c080deb3 wlcore: Fix buffer overrun by snprintf due to incorrect buffer size
--
https://patchwork.kernel.org/project/linux-wireless/patch/20210419141405.180582-1-colin.king@canonical.com/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Powered by blists - more mailing lists