| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241023-wwan-fmt-v1-1-521b39968639@kernel.org>
Date: Wed, 23 Oct 2024 13:15:28 +0100
From: Simon Horman <horms@...nel.org>
To: Loic Poulain <loic.poulain@...aro.org>,
Sergey Ryazanov <ryazanov.s.a@...il.com>,
Johannes Berg <johannes@...solutions.net>
Cc: Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>,
netdev@...r.kernel.org, llvm@...ts.linux.dev
Subject: [PATCH net-next] wwan: core: Pass string literal as format
argument of dev_set_name()
Both gcc-14 and clang-18 report that passing a non-string literal as the
format argument of dev_set_name() is potentially insecure.
E.g. clang-18 says:
drivers/net/wwan/wwan_core.c:442:34: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
442 | return dev_set_name(&port->dev, buf);
| ^~~
drivers/net/wwan/wwan_core.c:442:34: note: treat the string as an argument to avoid this
442 | return dev_set_name(&port->dev, buf);
| ^
| "%s",
It is always the case where the contents of mod is safe to pass as the
format argument. That is, in my understanding, it never contains any
format escape sequences.
But, it seems better to be safe than sorry. And, as a bonus, compiler
output becomes less verbose by addressing this issue as suggested by
clang-18.
Compile tested only.
No functional change intended.
Signed-off-by: Simon Horman <horms@...nel.org>
---
drivers/net/wwan/wwan_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c
index 17431f1b1a0c..465e2a0d57a3 100644
--- a/drivers/net/wwan/wwan_core.c
+++ b/drivers/net/wwan/wwan_core.c
@@ -431,7 +431,7 @@ static int __wwan_port_dev_assign_name(struct wwan_port *port, const char *fmt)
return -ENFILE;
}
- return dev_set_name(&port->dev, buf);
+ return dev_set_name(&port->dev, "%s", buf);
}
struct wwan_port *wwan_create_port(struct device *parent,
Powered by blists - more mailing lists