lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2024010542-thespian-agreed-ff3d@gregkh>
Date: Fri, 5 Jan 2024 08:38:45 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Christian Marangi <ansuelsmth@...il.com>
Cc: Christophe JAILLET <christophe.jaillet@...adoo.fr>,
	MyungJoo Ham <myungjoo.ham@...sung.com>,
	Kyungmin Park <kyungmin.park@...sung.com>,
	Chanwoo Choi <cw00.choi@...sung.com>,
	Jonghwa Lee <jonghwa3.lee@...sung.com>,
	linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org,
	stable@...r.kernel.org
Subject: Re: [RESEND PATCH 1/2] PM / devfreq: Fix buffer overflow in
 trans_stat_show

On Thu, Jan 04, 2024 at 11:44:54PM +0100, Christian Marangi wrote:
> On Thu, Jan 04, 2024 at 11:19:44PM +0100, Christophe JAILLET wrote:
> > > @@ -1688,7 +1688,7 @@ static ssize_t trans_stat_show(struct device *dev,
> > >   			       struct device_attribute *attr, char *buf)
> > >   {
> > >   	struct devfreq *df = to_devfreq(dev);
> > > -	ssize_t len;
> > > +	ssize_t len = 0;
> > >   	int i, j;
> > >   	unsigned int max_state;
> > > @@ -1697,7 +1697,7 @@ static ssize_t trans_stat_show(struct device *dev,
> > >   	max_state = df->max_state;
> > >   	if (max_state == 0)
> > > -		return sprintf(buf, "Not Supported.\n");
> > > +		return scnprintf(buf, PAGE_SIZE, "Not Supported.\n");
> > 
> > Hi,
> > 
> > maybe using  sysfs_emit_at() could be even cleaner and less verbose?
> >
> 
> If you notice this change is done in the second patch of the series.
> This patch still use this more generic way to permit this to be
> backported on stable kernel. (older kernel doesn't have sysfs_emit_at()
> hence it can't be backported)

All activly supported kernels on the kernel.org front page have
sysfs_emit_at(), so this should not be an issue for anyone.  Just do the
change here at the same time.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ