lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aTQ2QQKfzekZEduc@horms.kernel.org>
Date: Sat, 6 Dec 2025 13:57:21 +0000
From: Simon Horman <horms@...nel.org>
To: Kathara Sasikumar <katharasasikumar007@...il.com>
Cc: alex.aring@...il.com, davem@...emloft.net, edumazet@...gle.com,
	kuba@...nel.org, pabeni@...hat.com, david.hunter.linux@...il.com,
	linux-bluetooth@...r.kernel.org, linux-wpan@...r.kernel.org,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	shuah@...nel.org, skhan@...uxfoundation.org
Subject: Re: [PATCH] net: 6lowpan: replace sprintf() with scnprintf() in
 debugfs

On Fri, Dec 05, 2025 at 05:53:24PM +0000, Kathara Sasikumar wrote:
> sprintf() does not perform bounds checking on the destination buffer and
> is deprecated in the kernel as documented in
> Documentation/process/deprecated.rst.

Hi Kathara,

Thanks for your patch.

While I do see this mentioned at [1], and I do agree with the approach
taken here, I don't see it mentioned in deprecated.rst in net-next or
Linus' tree.

[1] https://lwn.net/Articles/69419/
[2] https://lore.kernel.org/netdev/20251017094954.1402684-1-wintera@linux.ibm.com/

> 
> Replace it with scnprintf() to ensure the write stays within bounds.
> 
> No functional change intended.
> 
> Signed-off-by: Kathara Sasikumar <katharasasikumar007@...il.com>

This patch looks like it should be targeted at net-next,
and that should be done like this.

Subject: [PATCH net-next] ...

But unfortunately net-next is currently closed.

## Form letter - net-next-closed

The merge window for v6.19 has begun and therefore net-next has closed
for new drivers, features, code refactoring and optimizations. We are
currently accepting bug fixes only.

Please repost when net-next reopens.

Due to a combination of the merge-window, travel commitments of the
maintainers, and the holiday season, net-next will re-open after
2nd January.

RFC patches sent for review only are welcome at any time.

See: https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle

-- 
pw-bot: changes-requested

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ