public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH] kernel/kexec.c: use vscnprintf() instead of vsnprintf() in vmcoreinfo_append_str()
@ 2013-10-09  8:29 Chen Gang
  2013-10-09  9:03 ` [PATCH] kernel/sysctl_binary.c: use scnprintf() instead of snprintf() Chen Gang
  0 siblings, 1 reply; 2+ messages in thread
From: Chen Gang @ 2013-10-09  8:29 UTC (permalink / raw)
  To: Eric W. Biederman
  Cc: kexec, linux-kernel@vger.kernel.org, Al Viro, Andrew Morton,
	Joe Perches, Richard Weinberger

vsnprintf() may let 'r' larger than sizeof(buf), in this case, if 'r'
is also less than "vmcoreinfo_max_size - vmcoreinfo_size" (left size of
destination buffer), next memcpy() will read the unexpected addresses.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
 kernel/kexec.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/kexec.c b/kernel/kexec.c
index 2a74f30..0abcd68 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -1533,7 +1533,7 @@ void vmcoreinfo_append_str(const char *fmt, ...)
 	size_t r;
 
 	va_start(args, fmt);
-	r = vsnprintf(buf, sizeof(buf), fmt, args);
+	r = vscnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
 
 	r = min(r, vmcoreinfo_max_size - vmcoreinfo_size);
-- 
1.7.7.6

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [PATCH] kernel/sysctl_binary.c: use scnprintf() instead of snprintf()
  2013-10-09  8:29 [PATCH] kernel/kexec.c: use vscnprintf() instead of vsnprintf() in vmcoreinfo_append_str() Chen Gang
@ 2013-10-09  9:03 ` Chen Gang
  0 siblings, 0 replies; 2+ messages in thread
From: Chen Gang @ 2013-10-09  9:03 UTC (permalink / raw)
  To: Eric W. Biederman, Al Viro, xi.wang
  Cc: nicolas.dichtel, linux-kernel@vger.kernel.org, Andrew Morton,
	Joe Perches, Richard Weinberger

snprintf() will return the 'ideal' length which may be larger than real
buffer length, if we only want to use real length, need use scnprintf()
instead of.


Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
 kernel/sysctl_binary.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
index b609213..653cbbd 100644
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -1024,7 +1024,7 @@ static ssize_t bin_intvec(struct file *file,
 			if (get_user(value, vec + i))
 				goto out_kfree;
 
-			str += snprintf(str, end - str, "%lu\t", value);
+			str += scnprintf(str, end - str, "%lu\t", value);
 		}
 
 		result = kernel_write(file, buffer, str - buffer, 0);
@@ -1095,7 +1095,7 @@ static ssize_t bin_ulongvec(struct file *file,
 			if (get_user(value, vec + i))
 				goto out_kfree;
 
-			str += snprintf(str, end - str, "%lu\t", value);
+			str += scnprintf(str, end - str, "%lu\t", value);
 		}
 
 		result = kernel_write(file, buffer, str - buffer, 0);
@@ -1205,7 +1205,7 @@ static ssize_t bin_dn_node_address(struct file *file,
 		if (get_user(dnaddr, (__le16 __user *)newval))
 			goto out;
 
-		len = snprintf(buf, sizeof(buf), "%hu.%hu",
+		len = scnprintf(buf, sizeof(buf), "%hu.%hu",
 				le16_to_cpu(dnaddr) >> 10,
 				le16_to_cpu(dnaddr) & 0x3ff);
 
-- 
1.7.7.6

^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-10-09  9:04 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-10-09  8:29 [PATCH] kernel/kexec.c: use vscnprintf() instead of vsnprintf() in vmcoreinfo_append_str() Chen Gang
2013-10-09  9:03 ` [PATCH] kernel/sysctl_binary.c: use scnprintf() instead of snprintf() Chen Gang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox