lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CY8PR11MB7134751986E9092C9B853CF98954A@CY8PR11MB7134.namprd11.prod.outlook.com>
Date: Mon, 14 Jul 2025 01:25:31 +0000
From: "Zhuo, Qiuxu" <qiuxu.zhuo@...el.com>
To: Wang Haoran <haoranwangsec@...il.com>, "Luck, Tony" <tony.luck@...el.com>,
	"bp@...en8.de" <bp@...en8.de>
CC: "james.morse@....com" <james.morse@....com>, "mchehab@...nel.org"
	<mchehab@...nel.org>, "rric@...nel.org" <rric@...nel.org>,
	"linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] edac: Use scnprintf() for safer buffer handling

> From: Wang Haoran <haoranwangsec@...il.com>
> Sent: Sunday, July 13, 2025 10:58 AM
> To: Luck, Tony <tony.luck@...el.com>; bp@...en8.de
> Cc: james.morse@....com; mchehab@...nel.org; rric@...nel.org; linux-
> edac@...r.kernel.org; linux-kernel@...r.kernel.org; Wang Haoran
> <haoranwangsec@...il.com>
> Subject: [PATCH] edac: Use scnprintf() for safer buffer handling
> 
> snprintf() is fragile when its return value will be used to append additional
> data to a buffer. Use scnprintf() instead.
> 
> Signed-off-by: Wang Haoran (Vul337) <haoranwangsec@...il.com>
> ---
>  drivers/edac/skx_common.c | 4 ++--

Please also replace all instances of snprintf() with scnprintf() in the file drivers/edac/i10nm_edac.c

Thanks
-Qiuxu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ