* [PATCH] kernel/kexec.c: use vscnprintf() instead of vsnprintf() in vmcoreinfo_append_str()
@ 2013-10-09 8:29 ` Chen Gang
0 siblings, 0 replies; 3+ messages in thread
From: Chen Gang @ 2013-10-09 8:29 UTC (permalink / raw)
To: Eric W. Biederman
Cc: Richard Weinberger, kexec, linux-kernel@vger.kernel.org, Al Viro,
Joe Perches, Andrew Morton
vsnprintf() may let 'r' larger than sizeof(buf), in this case, if 'r'
is also less than "vmcoreinfo_max_size - vmcoreinfo_size" (left size of
destination buffer), next memcpy() will read the unexpected addresses.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
kernel/kexec.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 2a74f30..0abcd68 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -1533,7 +1533,7 @@ void vmcoreinfo_append_str(const char *fmt, ...)
size_t r;
va_start(args, fmt);
- r = vsnprintf(buf, sizeof(buf), fmt, args);
+ r = vscnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
r = min(r, vmcoreinfo_max_size - vmcoreinfo_size);
--
1.7.7.6
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH] kernel/kexec.c: use vscnprintf() instead of vsnprintf() in vmcoreinfo_append_str()
@ 2013-10-09 8:29 ` Chen Gang
0 siblings, 0 replies; 3+ messages in thread
From: Chen Gang @ 2013-10-09 8:29 UTC (permalink / raw)
To: Eric W. Biederman
Cc: kexec, linux-kernel@vger.kernel.org, Al Viro, Andrew Morton,
Joe Perches, Richard Weinberger
vsnprintf() may let 'r' larger than sizeof(buf), in this case, if 'r'
is also less than "vmcoreinfo_max_size - vmcoreinfo_size" (left size of
destination buffer), next memcpy() will read the unexpected addresses.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
kernel/kexec.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 2a74f30..0abcd68 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -1533,7 +1533,7 @@ void vmcoreinfo_append_str(const char *fmt, ...)
size_t r;
va_start(args, fmt);
- r = vsnprintf(buf, sizeof(buf), fmt, args);
+ r = vscnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
r = min(r, vmcoreinfo_max_size - vmcoreinfo_size);
--
1.7.7.6
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH] kernel/sysctl_binary.c: use scnprintf() instead of snprintf()
2013-10-09 8:29 ` Chen Gang
(?)
@ 2013-10-09 9:03 ` Chen Gang
-1 siblings, 0 replies; 3+ messages in thread
From: Chen Gang @ 2013-10-09 9:03 UTC (permalink / raw)
To: Eric W. Biederman, Al Viro, xi.wang
Cc: nicolas.dichtel, linux-kernel@vger.kernel.org, Andrew Morton,
Joe Perches, Richard Weinberger
snprintf() will return the 'ideal' length which may be larger than real
buffer length, if we only want to use real length, need use scnprintf()
instead of.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
kernel/sysctl_binary.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
index b609213..653cbbd 100644
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -1024,7 +1024,7 @@ static ssize_t bin_intvec(struct file *file,
if (get_user(value, vec + i))
goto out_kfree;
- str += snprintf(str, end - str, "%lu\t", value);
+ str += scnprintf(str, end - str, "%lu\t", value);
}
result = kernel_write(file, buffer, str - buffer, 0);
@@ -1095,7 +1095,7 @@ static ssize_t bin_ulongvec(struct file *file,
if (get_user(value, vec + i))
goto out_kfree;
- str += snprintf(str, end - str, "%lu\t", value);
+ str += scnprintf(str, end - str, "%lu\t", value);
}
result = kernel_write(file, buffer, str - buffer, 0);
@@ -1205,7 +1205,7 @@ static ssize_t bin_dn_node_address(struct file *file,
if (get_user(dnaddr, (__le16 __user *)newval))
goto out;
- len = snprintf(buf, sizeof(buf), "%hu.%hu",
+ len = scnprintf(buf, sizeof(buf), "%hu.%hu",
le16_to_cpu(dnaddr) >> 10,
le16_to_cpu(dnaddr) & 0x3ff);
--
1.7.7.6
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-10-09 9:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-10-09 8:29 [PATCH] kernel/kexec.c: use vscnprintf() instead of vsnprintf() in vmcoreinfo_append_str() Chen Gang
2013-10-09 8:29 ` Chen Gang
2013-10-09 9:03 ` [PATCH] kernel/sysctl_binary.c: use scnprintf() instead of snprintf() Chen Gang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.