lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue,  3 Mar 2015 13:48:34 +0000 (UTC)
From:	Kalle Valo <kvalo@...eaurora.org>
To:	Colin Ian King <colin.king@...onical.com>
Cc:	Vladimir Kondratiev <qca_vkondrat@....qualcomm.com>,
	linux-wireless@...r.kernel.org, wil6210@....qualcomm.com,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: wil6210: increase cmd buffer size to avoid sscanf buffer overflow


> From: Colin Ian King <colin.king@...onical.com>
> 
> cppcheck detected a buffer overflow:
> 
> [drivers/net/wireless/ath/wil6210/debugfs.c:634]: (error) Width 8
>   given in format string (no. 1) is larger than destination buffer
>   'cmd[8]', use %7s to prevent overflowing it.
> 
> For the current %8s sscanf we require cmd to be 9 chars long
> so increase it by 1 byte to prevent the sscan overflow (rather
> than reduce the %8s specifier to %7s as cppcheck recommends).
> 
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> Acked-by: Vladimir Kondratiev <qca_vkondrat@....qualcomm.com>

Thanks, applied to wireless-drivers-next.git.

Kalle Valo
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ