| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260201181824.4999-1-sumeet4linux@gmail.com>
Date: Sun, 1 Feb 2026 23:48:24 +0530
From: Sumeet Pawnikar <sumeet4linux@...il.com>
To: rafael@...nel.org,
robert.moore@...el.com,
lenb@...nel.org,
linux-acpi@...r.kernel.org,
acpica-devel@...ts.linux.dev
Cc: linux-kernel@...r.kernel.org,
sumeet4linux@...il.com
Subject: [PATCH] tools/power/acpi: Replace unsafe strcat with strncat in apfiles.c
Replace unsafe strcat() calls with strncat() in apfiles.c to prevent
potential buffer overflow vulnerabilities when constructing filenames.
The strncat() function performs bounds checking to ensure the
destination buffer is not overflowed.
No functional change.
Signed-off-by: Sumeet Pawnikar <sumeet4linux@...il.com>
---
tools/power/acpi/tools/acpidump/apfiles.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/power/acpi/tools/acpidump/apfiles.c b/tools/power/acpi/tools/acpidump/apfiles.c
index d6b8a201480b..c7b71579aae6 100644
--- a/tools/power/acpi/tools/acpidump/apfiles.c
+++ b/tools/power/acpi/tools/acpidump/apfiles.c
@@ -131,10 +131,12 @@ int ap_write_to_binary_file(struct acpi_table_header *table, u32 instance)
if (instance > 0) {
snprintf(instance_str, sizeof(instance_str), "%u", instance);
- strcat(filename, instance_str);
+ strncat(filename, instance_str,
+ sizeof(filename) - strlen(filename) - 1);
}
- strcat(filename, FILE_SUFFIX_BINARY_TABLE);
+ strncat(filename, FILE_SUFFIX_BINARY_TABLE,
+ sizeof(filename) - strlen(filename) - 1);
if (gbl_verbose_mode) {
fprintf(stderr,
--
2.43.0
Powered by blists - more mailing lists