| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK8P3a1X-fNo4PxZi8ZWiRrtdvF0kyB4qYEZYOe81uMgsYy2Qg@mail.gmail.com>
Date: Mon, 19 Apr 2021 16:13:01 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Colin King <colin.king@...onical.com>
Cc: Kalle Valo <kvalo@...eaurora.org>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
linux-wireless <linux-wireless@...r.kernel.org>,
Networking <netdev@...r.kernel.org>,
kernel-janitors@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH][next] wlcore: Fix buffer overrun by snprintf due to
incorrect buffer size Content-Type: text/plain; charset="utf-8"
On Mon, Apr 19, 2021 at 4:01 PM Colin King <colin.king@...onical.com> wrote:
>
> From: Colin Ian King <colin.king@...onical.com>
>
> The size of the buffer than can be written to is currently incorrect, it is
> always the size of the entire buffer even though the snprintf is writing
> as position pos into the buffer. Fix this by setting the buffer size to be
> the number of bytes left in the buffer, namely sizeof(buf) - pos.
>
> Addresses-Coverity: ("Out-of-bounds access")
> Fixes: 7b0e2c4f6be3 ("wlcore: fix overlapping snprintf arguments in debugfs")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
Acked-by: Arnd Bergmann <arnd@...db.de>
Powered by blists - more mailing lists