| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Oct 2022 12:50:34 +0300
From: Peter Kosyh <pkosyh@...dex.ru>
To: Ajit Khaparde <ajit.khaparde@...adcom.com>
Cc: Peter Kosyh <pkosyh@...dex.ru>,
Sriharsha Basavapatna <sriharsha.basavapatna@...adcom.com>,
Somnath Kotur <somnath.kotur@...adcom.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: [PATCH] net: benet: use snprintf instead sprintf and IFNAMSIZ instead hardcoded constant.
printf to array 'eqo->desc' of size 32 may cause buffer overflow when
using non-standard IFNAMSIZ.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Peter Kosyh <pkosyh@...dex.ru>
---
drivers/net/ethernet/emulex/benet/be.h | 2 +-
drivers/net/ethernet/emulex/benet/be_main.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/emulex/benet/be.h b/drivers/net/ethernet/emulex/benet/be.h
index 61fe9625bed1..857a25f45fc8 100644
--- a/drivers/net/ethernet/emulex/benet/be.h
+++ b/drivers/net/ethernet/emulex/benet/be.h
@@ -179,7 +179,7 @@ static inline void queue_tail_inc(struct be_queue_info *q)
struct be_eq_obj {
struct be_queue_info q;
- char desc[32];
+ char desc[IFNAMSIZ+16];
struct be_adapter *adapter;
struct napi_struct napi;
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
index 414362febbb9..8e75a14da595 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
@@ -3485,7 +3485,7 @@ static int be_msix_register(struct be_adapter *adapter)
int status, i, vec;
for_all_evt_queues(adapter, eqo, i) {
- sprintf(eqo->desc, "%s-q%d", netdev->name, i);
+ snprintf(eqo->desc, sizeof(eqo->desc), "%s-q%d", netdev->name, i);
vec = be_msix_vec_get(adapter, eqo);
status = request_irq(vec, be_msix, 0, eqo->desc, eqo);
if (status)
--
2.37.0
Powered by blists - more mailing lists