* [patch] caif: add a sanity check to the tty name
@ 2013-09-03 9:02 Dan Carpenter
2013-09-03 10:47 ` Dmitry Tarnyagin
2013-09-04 4:54 ` David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2013-09-03 9:02 UTC (permalink / raw)
To: Dmitry Tarnyagin; +Cc: netdev, kernel-janitors
"tty->name" and "name" are a 64 character buffers. My static checker
complains because we add the "cf" on the front so it look like we are
copying a 66 character string into a 64 character buffer.
Also if the name is larger than IFNAMSIZ (16) it triggers a BUG_ON()
inside the call to alloc_netdev().
This is all under CAP_SYS_ADMIN so it's not a security fix, it just adds
a little robustness.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/net/caif/caif_serial.c b/drivers/net/caif/caif_serial.c
index 34dea95..88a6a58 100644
--- a/drivers/net/caif/caif_serial.c
+++ b/drivers/net/caif/caif_serial.c
@@ -347,7 +347,9 @@ static int ldisc_open(struct tty_struct *tty)
/* release devices to avoid name collision */
ser_release(NULL);
- sprintf(name, "cf%s", tty->name);
+ result = snprintf(name, sizeof(name), "cf%s", tty->name);
+ if (result >= IFNAMSIZ)
+ return -EINVAL;
dev = alloc_netdev(sizeof(*ser), name, caifdev_setup);
if (!dev)
return -ENOMEM;
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [patch] caif: add a sanity check to the tty name
2013-09-03 9:02 [patch] caif: add a sanity check to the tty name Dan Carpenter
@ 2013-09-03 10:47 ` Dmitry Tarnyagin
2013-09-04 4:54 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Dmitry Tarnyagin @ 2013-09-03 10:47 UTC (permalink / raw)
To: Dan Carpenter; +Cc: netdev, kernel-janitors
Hi Dan,
Agree, thank you!
With best regards,
Dmitry
Den 03. sep. 2013 11:02, skrev Dan Carpenter:
> - sprintf(name, "cf%s", tty->name);
> + result = snprintf(name, sizeof(name), "cf%s", tty->name);
> + if (result >= IFNAMSIZ)
> + return -EINVAL;
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [patch] caif: add a sanity check to the tty name
2013-09-03 9:02 [patch] caif: add a sanity check to the tty name Dan Carpenter
2013-09-03 10:47 ` Dmitry Tarnyagin
@ 2013-09-04 4:54 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2013-09-04 4:54 UTC (permalink / raw)
To: dan.carpenter; +Cc: dmitry.tarnyagin, netdev, kernel-janitors
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 3 Sep 2013 12:02:32 +0300
> "tty->name" and "name" are a 64 character buffers. My static checker
> complains because we add the "cf" on the front so it look like we are
> copying a 66 character string into a 64 character buffer.
>
> Also if the name is larger than IFNAMSIZ (16) it triggers a BUG_ON()
> inside the call to alloc_netdev().
>
> This is all under CAP_SYS_ADMIN so it's not a security fix, it just adds
> a little robustness.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Applied.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-09-04 4:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-03 9:02 [patch] caif: add a sanity check to the tty name Dan Carpenter
2013-09-03 10:47 ` Dmitry Tarnyagin
2013-09-04 4:54 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).