Message-Id: <20220520083701.2610975-3-maninder1.s@samsung.com>
Date:   Fri, 20 May 2022 14:06:58 +0530
From:   Maninder Singh <maninder1.s@...sung.com>
To:     keescook@...omium.org, pmladek@...e.com, bcain@...cinc.com,
        mpe@...erman.id.au, benh@...nel.crashing.org, paulus@...ba.org,
        hca@...ux.ibm.com, gor@...ux.ibm.com, agordeev@...ux.ibm.com,
        borntraeger@...ux.ibm.com, svens@...ux.ibm.com, satishkh@...co.com,
        sebaddel@...co.com, kartilak@...co.com, jejb@...ux.ibm.com,
        martin.petersen@...cle.com, mcgrof@...nel.org,
        jason.wessel@...driver.com, daniel.thompson@...aro.org,
        dianders@...omium.org, naveen.n.rao@...ux.ibm.com,
        anil.s.keshavamurthy@...el.com, davem@...emloft.net,
        mhiramat@...nel.org, peterz@...radead.org, mingo@...hat.com,
        will@...nel.org, longman@...hat.com, boqun.feng@...il.com,
        rostedt@...dmis.org, senozhatsky@...omium.org,
        andriy.shevchenko@...ux.intel.com, linux@...musvillemoes.dk,
        akpm@...ux-foundation.org, arnd@...db.de
Cc:     linux-hexagon@...r.kernel.org, linux-kernel@...r.kernel.org,
        linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
        linux-scsi@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-modules@...r.kernel.org,
        kgdb-bugreport@...ts.sourceforge.net, v.narang@...sung.com,
        onkarnath.1@...sung.com, Maninder Singh <maninder1.s@...sung.com>
Subject: [PATCH 2/5] kallsyms: replace sprintf with scnprintf

Replace the sprintf API with scnprintf, which prevents buffer overflow.

Co-developed-by: Onkarnath <onkarnath.1@...sung.com>
Signed-off-by: Onkarnath <onkarnath.1@...sung.com>
Signed-off-by: Maninder Singh <maninder1.s@...sung.com>
---
 kernel/kallsyms.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index f354378e241f..9e4316fe0ba1 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -472,28 +472,29 @@ static int __sprint_symbol(char *buffer, size_t buf_size, unsigned long address,
 	name = kallsyms_lookup_buildid(address, &size, &offset, &modname, &buildid,
 				       buffer);
 	if (!name)
-		return sprintf(buffer, "0x%lx", address - symbol_offset);
+		return scnprintf(buffer, buf_size, "0x%lx", address - symbol_offset);
 
 	if (name != buffer)
-		strcpy(buffer, name);
+		strncpy(buffer, name, buf_size);
+
 	len = strlen(buffer);
 	offset -= symbol_offset;
 
 	if (add_offset)
-		len += sprintf(buffer + len, "+%#lx/%#lx", offset, size);
+		len += scnprintf(buffer + len, buf_size - len, "+%#lx/%#lx", offset, size);
 
 	if (modname) {
-		len += sprintf(buffer + len, " [%s", modname);
+		len += scnprintf(buffer + len, buf_size - len, " [%s", modname);
 #if IS_ENABLED(CONFIG_STACKTRACE_BUILD_ID)
 		if (add_buildid && buildid) {
 			/* build ID should match length of sprintf */
 #if IS_ENABLED(CONFIG_MODULES)
 			static_assert(sizeof(typeof_member(struct module, build_id)) == 20);
 #endif
-			len += sprintf(buffer + len, " %20phN", buildid);
+			len += scnprintf(buffer + len, buf_size - len, " %20phN", buildid);
 		}
 #endif
-		len += sprintf(buffer + len, "]");
+		len += scnprintf(buffer + len, buf_size - len, "]");
 	}
 
 	return len;
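
Review bot: The strncpy(buffer, name, buf_size) that replaces strcpy does not NUL-terminate buffer when name is buf_size bytes or longer, so the strlen(buffer) that follows can read past the end of the buffer. The resulting len then makes buf_size - len wrap (buf_size is size_t) in each later scnprintf call, which removes the bound this change is meant to add. Use strscpy(buffer, name, buf_size), which always terminates and reports truncation, or terminate the buffer explicitly before the strlen. The comment "build ID should match length of sprintf" still names sprintf and should be updated along with the call.
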
-- 
2.17.1
