From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756742AbbIXHtS (ORCPT <rfc822;w@1wt.eu>);
	Thu, 24 Sep 2015 03:49:18 -0400
Received: from mx2.suse.de ([195.135.220.15]:58097 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754818AbbIXHtR convert rfc822-to-8bit (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 24 Sep 2015 03:49:17 -0400
From: Johannes Thumshirn <jthumshirn@suse.de>
To: Sasha Levin <sasha.levin@oracle.com>
Cc: JBottomley@odin.com, linux-scsi@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] scsi_dh: avoid allowing dh_state to pass format specs when requesting a module
References: <1443056906-7306-1-git-send-email-sasha.levin@oracle.com>
Date: Thu, 24 Sep 2015 09:49:15 +0200
In-Reply-To: <1443056906-7306-1-git-send-email-sasha.levin@oracle.com> (Sasha
	Levin's message of "Wed, 23 Sep 2015 21:08:26 -0400")
Message-ID: <mqdvbb0uuis.fsf@c203.arch.suse.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Sasha Levin <sasha.levin@oracle.com> writes:

> A malicious string passed from userspace might contain format specifiers which
> request_module() might try to handle, which is bad.
>
> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
> ---
>  drivers/scsi/scsi_dh.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/scsi_dh.c b/drivers/scsi/scsi_dh.c
> index edb044a..24be260 100644
> --- a/drivers/scsi/scsi_dh.c
> +++ b/drivers/scsi/scsi_dh.c
> @@ -111,7 +111,7 @@ static struct scsi_device_handler *scsi_dh_lookup(const char *name)
>  
>  	dh = __scsi_dh_lookup(name);
>  	if (!dh) {
> -		request_module(name);
> +		request_module("%s", name);
>  		dh = __scsi_dh_lookup(name);
>  	}

Good catch.

Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>

-- 
Johannes Thumshirn                                           Storage
jthumshirn@suse.de                                 +49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
Key fingerprint = EC38 9CAB C2C4 F25D 8600  D0D0 0393 969D 2D76 0850