From: Alexander Strakh <strakh@ispras.ru>
To: Matthew Wilcox <willy@linux.intel.com>,
Paul Diefenbaugh <paul.s.diefenbaugh@intel.com>,
Andy Grover <andrew.grover@intel.com>,
Len Brown <lenb@kernel.org>,
linux-acpi@vger.kernel.org
Subject: BUG printk with not null-terminated string in driver /drivers/acpi/osl.c
Date: Tue, 22 Dec 2009 18:46:02 +0000 [thread overview]
Message-ID: <200912221846.02318.strakh@ispras.ru> (raw)
In driver drivers/acpi/osl.c in function acpi_osi_setup:
1. If in line 555 *osi_additional_string == 0 then we goto line 1039
2. In line 1039: if length of str > OSI_STRING_LENGTH_MAX then
osi_additional_string not have 0 at the end.
3. In line 1040 printk called with not null-terminated string.
1026 int __init acpi_osi_setup(char *str)
1027 {
1028 if (str == NULL || *str == '\0') {
1029 printk(KERN_INFO PREFIX "_OSI method disabled\n");
1030 acpi_gbl_create_osi_method = FALSE;
1031 } else if (!strcmp("!Linux", str)) {
1032 acpi_cmdline_osi_linux(0); /* !enable */
1033 } else if (*str == '!') {
1034 if (acpi_osi_invalidate(++str) == AE_OK)
1035 printk(KERN_INFO PREFIX "Deleted _OSI(%s)\n",
str);
1036 } else if (!strcmp("Linux", str)) {
1037 acpi_cmdline_osi_linux(1); /* enable */
1038 } else if (*osi_additional_string == '\0') {
1039 strncpy(osi_additional_string, str,
OSI_STRING_LENGTH_MAX);
1040 printk(KERN_INFO PREFIX "Added _OSI(%s)\n", str);
1041 }
1042
1043 return 1;
1044 }
Found by Linux Device Drivers Verification (Svace detector)
Add terminate symbol for string in any cases.
Signed-off-by: Alexander Strakh <strakh@ispras.ru>
---
diff --git a/./0000/drivers/acpi/osl.c b/./0001/drivers/acpi/osl.c
index 02e8464..9c759f8 100644
--- a/./0000/drivers/acpi/osl.c
+++ b/./0001/drivers/acpi/osl.c
@@ -1037,6 +1037,7 @@ int __init acpi_osi_setup(char *str)
acpi_cmdline_osi_linux(1); /* enable */
} else if (*osi_additional_string == '\0') {
strncpy(osi_additional_string, str, OSI_STRING_LENGTH_MAX);
+ osi_additional_string[OSI_STRING_LENGTH_MAX - 1] = 0;
printk(KERN_INFO PREFIX "Added _OSI(%s)\n", str);
}
next reply other threads:[~2009-12-22 14:40 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-22 18:46 Alexander Strakh [this message]
2009-12-22 17:12 ` BUG printk with not null-terminated string in driver /drivers/acpi/osl.c Björn Steinbrink
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200912221846.02318.strakh@ispras.ru \
--to=strakh@ispras.ru \
--cc=andrew.grover@intel.com \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=paul.s.diefenbaugh@intel.com \
--cc=willy@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox