Re: [PATCH v2 3/3] lockdown: Use snprintf in lockdown_read

["Serge E. Hallyn" <serge@hallyn.com>]

On Mon, Jul 28, 2025 at 02:15:17PM +0300, Nikolay Borisov wrote:
> Since individual features are now locked down separately ensure that if
> the printing code is change to list them a buffer overrun won't be
> introduced.  As per Serge's recommendation switch from using sprintf to
> using snprintf and return EINVAL in case longer than 80 char string hasi
> to be printed.
> 
> Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>

Thanks, 2 comments below

> ---
>  security/lockdown/lockdown.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
> index 412184121279..ed1dde41d7d3 100644
> --- a/security/lockdown/lockdown.c
> +++ b/security/lockdown/lockdown.c
> @@ -112,11 +112,19 @@ static ssize_t lockdown_read(struct file *filp, char __user *buf, size_t count,
> 
>  		if (lockdown_reasons[level]) {
>  			const char *label = lockdown_reasons[level];
> +			int ret = 0;
> +			int write_len = 80-offset;

80 should really be a #define (and used to declare the length of temp as
well).

> +
> 
>  			if (test_bit(level, kernel_locked_down))
> -				offset += sprintf(temp+offset, "[%s] ", label);
> +				ret = snprintf(temp+offset, write_len, "[%s] ", label);
>  			else
> -				offset += sprintf(temp+offset, "%s ", label);
> +				ret = snprintf(temp+offset, write_len, "%s ", label);
> +
> +			if (ret < 0 || ret >= write_len)
> +				return -ENOMEM;

is ENOMEM right here, or should it be something like EINVAL or E2BIG?

> +
> +			offset += ret;
>  		}
>  	}
> 
> --
> 2.34.1
>