| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Jul 2023 10:22:44 +0100
From: Ben Dooks <ben.dooks@...ethink.co.uk>
To: nvdimm@...ts.linux.dev
Cc: linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org,
lenb@...nel.org, Ben Dooks <ben.dooks@...ethink.co.uk>
Subject: [PATCH] ACPI: NFIT: limit string attribute write
If we're writing what could be an arbitrary sized string into an attribute
we should probably use sysfs_emit() just to be safe. Most of the other
attriubtes are some sort of integer so unlikely to be an issue so not
altered at this time.
Signed-off-by: Ben Dooks <ben.dooks@...ethink.co.uk>
---
v2:
- use sysfs_emit() instead of snprintf.
---
drivers/acpi/nfit/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 9213b426b125..d7e9d9cd16d2 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -1579,7 +1579,7 @@ static ssize_t id_show(struct device *dev,
{
struct nfit_mem *nfit_mem = to_nfit_mem(dev);
- return sprintf(buf, "%s\n", nfit_mem->id);
+ return snprintf(buf, PAGE_SIZE, "%s\n", nfit_mem->id);
}
static DEVICE_ATTR_RO(id);
--
2.40.1
Powered by blists - more mailing lists