| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Jul 2023 09:17:51 +0100
From: Ben Dooks <ben.dooks@...ethink.co.uk>
To: linux-kernel@...r.kernel.org, linux-acpi@...r.kernel.org
Cc: nvdimm@...ts.linux.dev, lenb@...nel.org,
Ben Dooks <ben.dooks@...ethink.co.uk>
Subject: [PATCH] ACPI: NFIT: limit string attribute write
If we're writing what could be an arbitrary sized string into an attribute
we should probably use snprintf() just to be safe. Most of the other
attriubtes are some sort of integer so unlikely to be an issue so not
altered at this time.
Signed-off-by: Ben Dooks <ben.dooks@...ethink.co.uk>
---
drivers/acpi/nfit/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 9213b426b125..d7e9d9cd16d2 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -1579,7 +1579,7 @@ static ssize_t id_show(struct device *dev,
{
struct nfit_mem *nfit_mem = to_nfit_mem(dev);
- return sprintf(buf, "%s\n", nfit_mem->id);
+ return snprintf(buf, PAGE_SIZE, "%s\n", nfit_mem->id);
}
static DEVICE_ATTR_RO(id);
--
2.40.1
Powered by blists - more mailing lists