| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210630224248.2iq6o6krecx4cz5j@begin>
Date: Thu, 1 Jul 2021 00:42:48 +0200
From: Samuel Thibault <samuel.thibault@...-lyon.org>
To: gregkh@...uxfoundation.org
Cc: linux-kernel@...r.kernel.org, Salah Triki <salah.triki@...il.com>,
w.d.hubbs@...il.com, chris@...-brannons.com, kirk@...sers.ca,
speakup@...ux-speakup.org
Subject: [PATCH] speakup: replace sprintf() by scnprintf()
Replace sprintf() by scnprintf() in order to avoid buffer overflows.
Signed-off-by: Salah Triki <salah.triki@...il.com>
Signed-off-by: Samuel Thibault <samuel.thibault@...-lyon.org>
---
drivers/accessibility/speakup/speakup_soft.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/drivers/accessibility/speakup/speakup_soft.c b/drivers/accessibility/speakup/speakup_soft.c
index c3f97c572fb6..19824e7006fe 100644
--- a/drivers/accessibility/speakup/speakup_soft.c
+++ b/drivers/accessibility/speakup/speakup_soft.c
@@ -153,18 +153,25 @@ static char *get_initstring(void)
static char buf[40];
char *cp;
struct var_t *var;
+ size_t len;
+ size_t n;
memset(buf, 0, sizeof(buf));
cp = buf;
+ len = sizeof(buf);
+
var = synth_soft.vars;
while (var->var_id != MAXVARS) {
if (var->var_id != CAPS_START && var->var_id != CAPS_STOP &&
- var->var_id != PAUSE && var->var_id != DIRECT)
- cp = cp + sprintf(cp, var->u.n.synth_fmt,
- var->u.n.value);
+ var->var_id != PAUSE && var->var_id != DIRECT) {
+ n = scnprintf(cp, len, var->u.n.synth_fmt,
+ var->u.n.value);
+ cp = cp + n;
+ len = len - n;
+ }
var++;
}
- cp = cp + sprintf(cp, "\n");
+ cp = cp + scnprintf(cp, len, "\n");
return buf;
}
--
2.25.1
Powered by blists - more mailing lists