| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aYMVdePjEkJ7gTE2@stanley.mountain> Date: Wed, 4 Feb 2026 12:46:29 +0300 From: Dan Carpenter <dan.carpenter@...aro.org> To: Neel Bullywon <neelb2403@...il.com> Cc: Johan Hovold <johan@...nel.org>, Alex Elder <elder@...nel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, greybus-dev@...ts.linaro.org, linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org Subject: Re: [PATCH] staging: greybus: gbphy: replaced sprintf() with sysfs_emit() On Tue, Feb 03, 2026 at 04:22:54PM -0500, Neel Bullywon wrote: > Replaced sprintf() with sysfs_emit in the protocol_id_show() sysfs > attribute func to prevent any potential buffer overflows There are no buffer overflows here. buf is PAGE_SIZE so it's more than large enough. I like this change, but the commit message implies there is a potential buffer overflow and that's wrong. Say something like: "This code is safe, but replace sprintf() with sysfs_emit() because we are trying to get rid of calls to sprintf() as part of kernel hardenning and sysfs_emit() is more appropriate in this context". > > This is to ensure a kernel-wide migration to safer string formatting > functions for sysfs handlers > > This was compile-tested only (no VM/hardware used) Don't put this sort of comment in the commit message. Put it under the --- cut off line. > > Signed-off-by: Neel Bullywon <neelb2403@...il.com> > --- ^^^ Here. regards, dan carpenter
Powered by blists - more mailing lists