Message-ID: <55356910-b46e-cfab-bb67-fc364ebf5740@gonehiking.org>
Date: Thu, 22 Apr 2021 11:30:10 -0600
From: Khalid Aziz <khalid@...ehiking.org>
To: "Maciej W. Rozycki" <macro@...am.me.uk>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>
Cc: Christoph Hellwig <hch@....de>, linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/5] scsi: BusLogic: Avoid unbounded `vsprintf' use

On 4/20/21 12:01 PM, Maciej W. Rozycki wrote:
> Existing `blogic_msg' invocations do not appear to overrun its internal
> buffer of a fixed length of 100, which would cause stack corruption, but
> it's easy to miss with possible further updates and a fix is cheap in
> performance terms, so limit the output produced into the buffer by using
> `vscnprintf' rather than `vsprintf'.
>
> Signed-off-by: Maciej W. Rozycki <macro@...am.me.uk>
> ---
> Changes from v1:
>
> - use `vscnprintf' instead of `vsnprintf' for the correct character count.
> ---
> drivers/scsi/BusLogic.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> linux-buslogic-vscnprintf.diff
> Index: linux-macro-ide/drivers/scsi/BusLogic.c
> ===================================================================
> --- linux-macro-ide.orig/drivers/scsi/BusLogic.c
> +++ linux-macro-ide/drivers/scsi/BusLogic.c
> @@ -3588,7 +3588,7 @@ static void blogic_msg(enum blogic_msgle
> int len = 0;
>
> va_start(args, adapter);
> - len = vsprintf(buf, fmt, args);
> + len = vscnprintf(buf, sizeof(buf), fmt, args);
> va_end(args);
> if (msglevel == BLOGIC_ANNOUNCE_LEVEL) {
> static int msglines = 0;
>
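
Review bot: At the `vscnprintf(buf, sizeof(buf), fmt, args)` call, output longer than the buffer is now cut off silently, so a future over-long message would be logged truncated with no indication. Because `len` then holds the stored count rather than the would-be length, truncation cannot be told apart from an exact fit later in the function; a short comment on the 100-byte limit, or a one-time warning when `len == sizeof(buf) - 1`, would make it visible. `sizeof(buf)` is also only correct while `buf` stays an array local to this function (its declaration is above the visible context), which is worth a note in case the buffer is ever made dynamic.
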
Acked-by: Khalid Aziz <khalid@...ehiking.org>
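
The difference the v2 changelog draws between `vsnprintf' and `vscnprintf', shown as an added example that is not part of the patch or of this thread. It is a user-space C model: `model_vscnprintf`, `format_msg` and `reported_len` are hypothetical names, and the 150-character message is constructed input.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF_SIZE 100	/* fixed buffer length named in the commit message */

/* User-space model of the vscnprintf contract (not kernel code): return the
 * number of characters actually stored in buf, excluding the trailing NUL. */
static int model_vscnprintf(char *buf, size_t size, const char *fmt, va_list args)
{
	int n;
	if (size == 0)
		return 0;
	n = vsnprintf(buf, size, fmt, args);
	if (n < 0)
		return 0;	/* libc encoding error; nothing usable stored */
	return (size_t)n < size ? n : (int)(size - 1);
}

/* Hypothetical variadic caller shaped like a logging helper. */
static int format_msg(int bounded_count, char *buf, size_t size, const char *fmt, ...)
{
	va_list args;
	int len;
	va_start(args, fmt);
	len = bounded_count ? model_vscnprintf(buf, size, fmt, args)
			    : vsnprintf(buf, size, fmt, args);
	va_end(args);
	return len;
}

/* Format a constructed message of msg_len 'A's and return the reported length. */
int reported_len(int bounded_count, size_t msg_len)
{
	char msg[512], buf[MSG_BUF_SIZE];
	if (msg_len >= sizeof(msg))
		msg_len = sizeof(msg) - 1;
	memset(msg, 'A', msg_len);
	msg[msg_len] = '\0';
	return format_msg(bounded_count, buf, sizeof(buf), "%s", msg);
}

int main(void)
{
	printf("vsnprintf reports %d, vscnprintf model reports %d (buffer %d)\n",
	       reported_len(0, 150), reported_len(1, 150), MSG_BUF_SIZE);
	return 0;
}
```

With the over-long input, the plain `vsnprintf` count exceeds the buffer size, so code that later indexes or advances by `len` would step outside the buffer even though the write itself was bounded; the `vscnprintf`-style count stays within it.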