| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250728111517.134116-4-nik.borisov@suse.com>
Date: Mon, 28 Jul 2025 14:15:17 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: linux-security-module@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
paul@...l-moore.com,
serge@...lyn.com,
jmorris@...ei.org,
dan.j.williams@...el.com,
Nikolay Borisov <nik.borisov@...e.com>
Subject: [PATCH v2 3/3] lockdown: Use snprintf in lockdown_read
Since individual features are now locked down separately ensure that if
the printing code is change to list them a buffer overrun won't be
introduced. As per Serge's recommendation switch from using sprintf to
using snprintf and return EINVAL in case longer than 80 char string hasi
to be printed.
Signed-off-by: Nikolay Borisov <nik.borisov@...e.com>
---
security/lockdown/lockdown.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 412184121279..ed1dde41d7d3 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -112,11 +112,19 @@ static ssize_t lockdown_read(struct file *filp, char __user *buf, size_t count,
if (lockdown_reasons[level]) {
const char *label = lockdown_reasons[level];
+ int ret = 0;
+ int write_len = 80-offset;
+
if (test_bit(level, kernel_locked_down))
- offset += sprintf(temp+offset, "[%s] ", label);
+ ret = snprintf(temp+offset, write_len, "[%s] ", label);
else
- offset += sprintf(temp+offset, "%s ", label);
+ ret = snprintf(temp+offset, write_len, "%s ", label);
+
+ if (ret < 0 || ret >= write_len)
+ return -ENOMEM;
+
+ offset += ret;
}
}
--
2.34.1
Powered by blists - more mailing lists