lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Sun,  1 Mar 2015 17:48:33 +0000
From:	Colin King <>
To:	Vladimir Kondratiev <>,
	Kalle Valo <>,,,
Subject: [PATCH] wil6210: increase cmd buffer size to avoid sscanf buffer overflow

From: Colin Ian King <>

cppcheck detected a buffer overflow:

[drivers/net/wireless/ath/wil6210/debugfs.c:634]: (error) Width 8
  given in format string (no. 1) is larger than destination buffer
  'cmd[8]', use %7s to prevent overflowing it.

For the current %8s sscanf we require cmd to be 9 chars long
so increase it by 1 byte to prevent the sscan overflow (rather
than reduce the %8s specifier to %7s as cppcheck recommends).

Signed-off-by: Colin Ian King <>
 drivers/net/wireless/ath/wil6210/debugfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c
index 45c3558e..29aab12 100644
--- a/drivers/net/wireless/ath/wil6210/debugfs.c
+++ b/drivers/net/wireless/ath/wil6210/debugfs.c
@@ -618,7 +618,7 @@ static ssize_t wil_write_back(struct file *file, const char __user *buf,
 	struct wil6210_priv *wil = file->private_data;
 	int rc;
 	char *kbuf = kmalloc(len + 1, GFP_KERNEL);
-	char cmd[8];
+	char cmd[9];
 	int p1, p2, p3;
 	if (!kbuf)

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists