lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Oct 2022 12:50:34 +0300 From: Peter Kosyh <pkosyh@...dex.ru> To: Ajit Khaparde <ajit.khaparde@...adcom.com> Cc: Peter Kosyh <pkosyh@...dex.ru>, Sriharsha Basavapatna <sriharsha.basavapatna@...adcom.com>, Somnath Kotur <somnath.kotur@...adcom.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org Subject: [PATCH] net: benet: use snprintf instead sprintf and IFNAMSIZ instead hardcoded constant. printf to array 'eqo->desc' of size 32 may cause buffer overflow when using non-standard IFNAMSIZ. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Peter Kosyh <pkosyh@...dex.ru> --- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/emulex/benet/be.h b/drivers/net/ethernet/emulex/benet/be.h index 61fe9625bed1..857a25f45fc8 100644 --- a/drivers/net/ethernet/emulex/benet/be.h +++ b/drivers/net/ethernet/emulex/benet/be.h @@ -179,7 +179,7 @@ static inline void queue_tail_inc(struct be_queue_info *q) struct be_eq_obj { struct be_queue_info q; - char desc[32]; + char desc[IFNAMSIZ+16]; struct be_adapter *adapter; struct napi_struct napi; diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c index 414362febbb9..8e75a14da595 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -3485,7 +3485,7 @@ static int be_msix_register(struct be_adapter *adapter) int status, i, vec; for_all_evt_queues(adapter, eqo, i) { - sprintf(eqo->desc, "%s-q%d", netdev->name, i); + snprintf(eqo->desc, sizeof(eqo->desc), "%s-q%d", netdev->name, i); vec = be_msix_vec_get(adapter, eqo); status = request_irq(vec, be_msix, 0, eqo->desc, eqo); if (status) -- 2.37.0
Powered by blists - more mailing lists