From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Cezary Rojewski <cezary.rojewski@intel.com>,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: "Theodore Ts'o" <tytso@mit.edu>, Jan Kara <jack@suse.com>,
Andy Shevchenko <andy@kernel.org>,
"Rafael J. Wysocki" <rafael@kernel.org>, Jan Kara <jack@suse.cz>
Subject: [PATCH v2 1/3] jbd2: Avoid printing outside the boundary of the buffer
Date: Thu, 23 Mar 2023 14:37:02 +0200
Message-ID: <20230323123704.37983-2-andriy.shevchenko@linux.intel.com>
In-Reply-To: <20230323123704.37983-1-andriy.shevchenko@linux.intel.com>
It is theoretically possible that "%pg" will take all the room for the
j_devname and hence the "-%lu" will go outside the boundary due to the
unconditional sprintf() in use. To make this code more robust, replace the
two sequential s*printf() calls with a single call and then replace the
forbidden character. It's possible to do it this way, because '/' won't
ever be in the result of "-%lu".
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
---
fs/jbd2/journal.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
index 8ae419152ff6..6e17f8f94dfd 100644
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -1491,7 +1491,6 @@ journal_t *jbd2_journal_init_inode(struct inode *inode)
{
journal_t *journal;
sector_t blocknr;
- char *p;
int err = 0;
blocknr = 0;
@@ -1515,9 +1514,8 @@ journal_t *jbd2_journal_init_inode(struct inode *inode)
journal->j_inode = inode;
snprintf(journal->j_devname, sizeof(journal->j_devname),
- "%pg", journal->j_dev);
- p = strreplace(journal->j_devname, '/', '!');
- sprintf(p, "-%lu", journal->j_inode->i_ino);
+ "%pg-%lu", journal->j_dev, journal->j_inode->i_ino);
+ strreplace(journal->j_devname, '/', '!');
jbd2_stats_proc_init(journal);
return journal;
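Review bot: the return value of the combined snprintf() into journal->j_devname is not checked, so when "%pg" nearly fills the buffer the "-%lu" suffix is silently truncated rather than written past the end. That fixes the overflow, but a clipped or missing inode number goes unnoticed, and journal is passed to jbd2_stats_proc_init() on the very next line. Consider comparing the return value against sizeof(journal->j_devname) and warning, or failing the init, when it is greater than or equal, so truncation is visible. It would also help to keep a short comment above strreplace() noting that it now scans the "-%lu" part as well and that this is safe because the numeric suffix can never contain '/'.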
--
2.40.0.1.gaa8946217a0b
Thread overview: 12+ messages
2023-03-23 12:37 [PATCH v2 0/3] lib/string_helpers et al.: Change return value of strreplace() Andy Shevchenko
2023-03-23 12:37 ` Andy Shevchenko [this message]
2023-03-23 12:37 ` [PATCH v2 2/3] lib/string_helpers: Change returned value of the strreplace() Andy Shevchenko
2023-03-23 12:37 ` [PATCH v2 3/3] kobject: Use return value of strreplace() Andy Shevchenko
2023-03-26 13:37 ` David Laight
2023-04-05 13:34 ` [PATCH v2 0/3] lib/string_helpers et al.: Change " Andy Shevchenko
2023-04-05 14:24 ` Greg Kroah-Hartman
2023-04-05 14:38 ` Andy Shevchenko
2023-04-06 2:58 ` Kees Cook
2023-06-05 14:04 ` Andy Shevchenko
2023-06-05 16:57 ` Greg Kroah-Hartman
2023-06-05 17:06 ` Andy Shevchenko