[PATCH] ARM: setup: avoid overflowing {elf, arch}_name from proc_info_list

linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed

From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] ARM: setup: avoid overflowing {elf, arch}_name from proc_info_list
Date: Tue,  8 Nov 2011 14:46:06 +0000	[thread overview]
Message-ID: <1320763566-12183-1-git-send-email-will.deacon@arm.com> (raw)

setup_processor copies the arch_name and elf_name fields out of
the selected proc_info_list into two fixed size buffers.

Since the proc_info_list structure is defined in a proc_*.S
assembly file, this can lead to subtle errors if the strings
defined there are too long (for example, corrupting the machine ID).

This patch uses snprintf instead of sprintf to ensure that these
buffers are not overrun.

Signed-off-by: Will Deacon <will.deacon@arm.com>
---

I appreciate this is borderline pedantry, but it doesn't hurt. Plus, if
you are (for whatever reason) messing around with arch_name and elf_name,
hitting this bug is seriously painful!

 arch/arm/kernel/setup.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
index 7e7977a..3448a3f 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -461,8 +461,10 @@ static void __init setup_processor(void)
 	       cpu_name, read_cpuid_id(), read_cpuid_id() & 15,
 	       proc_arch[cpu_architecture()], cr_alignment);

-	sprintf(init_utsname()->machine, "%s%c", list->arch_name, ENDIANNESS);
-	sprintf(elf_platform, "%s%c", list->elf_name, ENDIANNESS);
+	snprintf(init_utsname()->machine, __NEW_UTS_LEN + 1, "%s%c",
+		 list->arch_name, ENDIANNESS);
+	snprintf(elf_platform, ELF_PLATFORM_SIZE, "%s%c",
+		 list->elf_name, ENDIANNESS);
 	elf_hwcap = list->elf_hwcap;
 #ifndef CONFIG_ARM_THUMB
 	elf_hwcap &= ~HWCAP_THUMB;
-- 
1.7.4.1

                 reply	other threads:[~2011-11-08 14:46 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7e7977a dfblob:3448a3f )
 OR (
bs:"[PATCH] ARM: setup: avoid overflowing {elf, arch}_name from proc_info_list" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1320763566-12183-1-git-send-email-will.deacon@arm.com \
    --to=will.deacon@arm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).