lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMRc=MexLwZqoc-ymuu3OSu5YXcqdmfLuX88kK0uR_6WqHgp_w@mail.gmail.com>
Date: Fri, 19 Jul 2024 16:10:05 +0200
From: Bartosz Golaszewski <brgl@...ev.pl>
To: Arnd Bergmann <arnd@...nel.org>
Cc: Linus Walleij <linus.walleij@...aro.org>, Arnd Bergmann <arnd@...db.de>, linux-gpio@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] gpio: virtuser: avoid non-constant format string

On Fri, Jul 19, 2024 at 1:46 PM Arnd Bergmann <arnd@...nel.org> wrote:
>
> From: Arnd Bergmann <arnd@...db.de>
>
> Using a string variable as an sprintf format is potentially
> dangerous, and gcc can warn about this:
>
> drivers/gpio/gpio-virtuser.c: In function 'gpio_virtuser_dbgfs_init_line_attrs':
> drivers/gpio/gpio-virtuser.c:808:9: error: format not a string literal and no format arguments [-Werror=format-security]
>   808 |         sprintf(data->consumer, id);
>       |         ^~~~~~~
>
> Change this instance to use a "%s" format instead to print the string
> argument.
>
> Fixes: 91581c4b3f29 ("gpio: virtuser: new virtual testing driver for the GPIO API")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
>  drivers/gpio/gpio-virtuser.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpio/gpio-virtuser.c b/drivers/gpio/gpio-virtuser.c
> index 0e0d55da4f01..c55b72e426c7 100644
> --- a/drivers/gpio/gpio-virtuser.c
> +++ b/drivers/gpio/gpio-virtuser.c
> @@ -805,7 +805,7 @@ static int gpio_virtuser_dbgfs_init_line_attrs(struct device *dev,
>                 return -ENOMEM;
>
>         data->ad.desc = desc;
> -       sprintf(data->consumer, id);
> +       sprintf(data->consumer, "%s", id);
>         atomic_set(&data->irq, 0);
>         atomic_set(&data->irq_count, 0);
>
> --
> 2.39.2
>

I know this should not happen as the string is checked for length when
it is set over configfs but while we're at it: maybe make it 100%
correct by using snprintf(data->consumer, sizeof(data->consumer), ...
?

Bart

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ