| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d4b1a995-a0cb-4125-aa1d-5fd5044aba1d@moroto.mountain>
Date: Wed, 18 Oct 2023 17:20:11 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Xabier Marquiegui <reibax@...il.com>
Cc: Richard Cochran <richardcochran@...il.com>,
"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: [PATCH net-next] ptp: prevent string overflow
The ida_alloc_max() function can return up to INT_MAX so this buffer is
not large enough. Also use snprintf() for extra safety.
Fixes: 403376ddb422 ("ptp: add debugfs interface to see applied channel masks")
Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
---
drivers/ptp/ptp_clock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
index 2e801cd33220..3d1b0a97301c 100644
--- a/drivers/ptp/ptp_clock.c
+++ b/drivers/ptp/ptp_clock.c
@@ -220,7 +220,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
struct ptp_clock *ptp;
struct timestamp_event_queue *queue = NULL;
int err = 0, index, major = MAJOR(ptp_devt);
- char debugfsname[8];
+ char debugfsname[16];
size_t size;
if (info->n_alarm > PTP_MAX_ALARMS)
@@ -343,7 +343,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
}
/* Debugfs initialization */
- sprintf(debugfsname, "ptp%d", ptp->index);
+ snprintf(debugfsname, sizeof(debugfsname), "ptp%d", ptp->index);
ptp->debugfs_root = debugfs_create_dir(debugfsname, NULL);
return ptp;
--
2.42.0
Powered by blists - more mailing lists