From: Ben Hutchings <ben@decadent.org.uk> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: akpm@linux-foundation.org, "Linus Torvalds" <torvalds@linux-foundation.org>, "Herbert Xu" <herbert@gondor.hengli.com.au>, "David S. Miller" <davem@davemloft.net>, "Kees Cook" <keescook@chromium.org> Subject: [68/85] crypto: sanitize argument for format string Date: Wed, 24 Jul 2013 15:02:45 +0100 [thread overview] Message-ID: <lsq.1374674565.493560247@decadent.org.uk> (raw) In-Reply-To: <lsq.1374674564.753305150@decadent.org.uk> 3.2.49-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Kees Cook <keescook@chromium.org> commit 1c8fca1d92e14859159a82b8a380d220139b7344 upstream. The template lookup interface does not provide a way to use format strings, so make sure that the interface cannot be abused accidentally. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- crypto/algapi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -477,7 +477,8 @@ static struct crypto_template *__crypto_ struct crypto_template *crypto_lookup_template(const char *name) { - return try_then_request_module(__crypto_lookup_template(name), name); + return try_then_request_module(__crypto_lookup_template(name), "%s", + name); } EXPORT_SYMBOL_GPL(crypto_lookup_template);
WARNING: multiple messages have this Message-ID (diff)
From: Ben Hutchings <ben@decadent.org.uk> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: akpm@linux-foundation.org, "Linus Torvalds" <torvalds@linux-foundation.org>, "Herbert Xu" <herbert@gondor.apana.org.au>, "David S. Miller" <davem@davemloft.net>, "Kees Cook" <keescook@chromium.org> Subject: [68/85] crypto: sanitize argument for format string Date: Wed, 24 Jul 2013 15:02:45 +0100 [thread overview] Message-ID: <lsq.1374674565.493560247@decadent.org.uk> (raw) In-Reply-To: <lsq.1374674564.753305150@decadent.org.uk> 3.2.49-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Kees Cook <keescook@chromium.org> commit 1c8fca1d92e14859159a82b8a380d220139b7344 upstream. The template lookup interface does not provide a way to use format strings, so make sure that the interface cannot be abused accidentally. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- crypto/algapi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -477,7 +477,8 @@ static struct crypto_template *__crypto_ struct crypto_template *crypto_lookup_template(const char *name) { - return try_then_request_module(__crypto_lookup_template(name), name); + return try_then_request_module(__crypto_lookup_template(name), "%s", + name); } EXPORT_SYMBOL_GPL(crypto_lookup_template);
next prev parent reply other threads:[~2013-07-24 14:27 UTC|newest] Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top 2013-07-24 14:02 [00/85] 3.2.49-rc1 review Ben Hutchings 2013-07-24 14:02 ` [16/85] b43: ensue that BCMA is "y" when B43 is "y" Ben Hutchings 2013-09-09 18:01 ` Steven Rostedt 2013-09-09 18:39 ` Ben Hutchings 2013-09-09 18:46 ` Steven Rostedt 2013-09-09 20:56 ` Konstantin Ryabitsev 2013-09-11 1:00 ` Ben Hutchings 2013-07-24 14:02 ` [71/85] hpfs: better test for errors Ben Hutchings 2013-07-24 14:02 ` Ben Hutchings [this message] 2013-07-24 14:02 ` [68/85] crypto: sanitize argument for format string Ben Hutchings 2013-07-24 14:02 ` [42/85] perf: Disable monitoring on setuid processes for regular users Ben Hutchings 2013-07-24 14:02 ` [52/85] xen/time: remove blocked time accounting from xen "clockchip" Ben Hutchings 2013-07-24 14:02 ` [37/85] [SCSI] mpt2sas: fix firmware failure with wrong task attribute Ben Hutchings 2013-07-24 14:02 ` [32/85] Bluetooth: Fix invalid length check in l2cap_information_rsp() Ben Hutchings 2013-07-24 14:02 ` [46/85] Handle big endianness in NTLM (ntlmv2) authentication Ben Hutchings 2013-07-24 14:02 ` [60/85] tracing: Fix irqs-off tag display in syscall tracing Ben Hutchings 2013-07-24 14:02 ` [08/85] zram: avoid invalid memory access in zram_exit() Ben Hutchings 2013-07-24 14:02 ` [31/85] ahci: AHCI-mode SATA patch for Intel Coleto Creek DeviceIDs Ben Hutchings 2013-07-24 14:02 ` [30/85] ata_piix: IDE-mode " Ben Hutchings 2013-07-24 14:02 ` [29/85] hw_breakpoint: Use cpu_possible_mask in {reserve,release}_bp_slot() Ben Hutchings 2013-07-24 14:02 ` [50/85] writeback: Fix periodic writeback after fs mount Ben Hutchings 2013-07-24 14:02 ` [25/85] xhci: check for failed dma pool allocation Ben Hutchings 2013-07-24 14:02 ` [03/85] [SCSI] zfcp: fix adapter (re)open recovery while link to SAN is down Ben Hutchings 2013-07-24 14:02 ` [80/85] pch_uart: fix a deadlock when pch_uart as console Ben Hutchings 2013-07-24 14:02 ` [55/85] Revert "serial: 8250_pci: add support for another kind of NetMos Technology PCI 9835 Multi-I/O Controller" Ben Hutchings 2013-07-24 14:02 ` [57/85] ext3,ext4: don't mess with dir_file->f_pos in htree_dirblock_to_tree() Ben Hutchings 2013-07-24 14:02 ` [07/85] i2c-piix4: Add AMD CZ SMBus device ID Ben Hutchings 2013-07-24 14:02 ` [82/85] ext4: fix overflow when counting used blocks on 32-bit architectures Ben Hutchings 2013-07-24 14:02 ` [58/85] jbd2: fix theoretical race in jbd2__journal_restart Ben Hutchings 2013-07-24 14:02 ` [47/85] dlci: acquire rtnl_lock before calling __dev_get_by_name() Ben Hutchings 2013-07-24 14:02 ` [13/85] ahci: remove pmp link online check in FBS EH Ben Hutchings 2013-07-24 14:02 ` [64/85] libceph: Fix NULL pointer dereference in auth client code Ben Hutchings 2013-07-24 14:02 ` [67/85] block: do not pass disk names as format strings Ben Hutchings 2013-07-24 14:02 ` [24/85] ALSA: hda - Cache the MUX selection for generic HDMI Ben Hutchings 2013-07-24 14:02 ` [36/85] [SCSI] mpt2sas: Fix for device scan following host reset could get stuck in a infinite loop Ben Hutchings 2013-07-24 14:02 ` [59/85] nfsd4: fix decoding of compounds across page boundaries Ben Hutchings 2013-07-24 14:02 ` [39/85] futex: Take hugepages into account when generating futex_key Ben Hutchings 2013-07-24 14:02 ` [49/85] genirq: Fix can_request_irq() for IRQs without an action Ben Hutchings 2013-07-24 14:02 ` [76/85] perf: Fix perf_lock_task_context() vs RCU Ben Hutchings 2013-07-24 14:02 ` [81/85] drivers/cdrom/cdrom.c: use kzalloc() for failing hardware Ben Hutchings 2013-07-24 14:02 ` [43/85] [SCSI] sd: fix array cache flushing bug causing performance problems Ben Hutchings 2013-07-24 14:02 ` [66/85] ocfs2: xattr: fix inlined xattr reflink Ben Hutchings 2013-07-24 14:02 ` [40/85] net/tg3: Avoid delay during MMIO access Ben Hutchings 2013-07-24 16:42 ` Luis Henriques 2013-07-24 19:45 ` David Miller 2013-07-24 21:09 ` David Miller 2013-07-25 4:16 ` Ben Hutchings 2013-07-25 21:03 ` Greg KH 2013-07-25 4:15 ` Ben Hutchings 2013-07-24 14:02 ` [69/85] drivers/rtc/rtc-rv3029c2.c: fix disabling AIE irq Ben Hutchings 2013-07-24 14:02 ` [63/85] Input: bcm5974 - add support for the 2013 MacBook Air Ben Hutchings 2013-07-25 6:48 ` rydberg 2013-07-24 14:02 ` [41/85] vgacon.c: add cond reschedule points in vgacon_do_font_op Ben Hutchings 2013-07-24 14:02 ` [70/85] nbd: correct disconnect behavior Ben Hutchings 2013-07-24 14:02 ` [14/85] usb: gadget: f_mass_storage: add missing memory barrier for thread_wakeup_needed Ben Hutchings 2013-07-24 14:02 ` [74/85] perf: Clone child context from parent context pmu Ben Hutchings 2013-07-24 14:02 ` [17/85] ath9k_hw: Assign default xlna config for AR9485 Ben Hutchings 2013-07-24 14:02 ` [85/85] MAINTAINERS: add stable_kernel_rules.txt to stable maintainer information Ben Hutchings 2013-07-24 14:02 ` [44/85] [SCSI] sd: Fix parsing of 'temporary ' cache mode prefix Ben Hutchings 2013-07-24 14:02 ` [20/85] ath9k: Do not assign noise for NULL caldata Ben Hutchings 2013-07-24 14:02 ` [62/85] HID: apple: Add support for the 2013 Macbook Air Ben Hutchings 2013-07-25 6:50 ` rydberg 2013-07-26 2:49 ` Ben Hutchings 2013-07-24 14:02 ` [05/85] [SCSI] zfcp: status read buffers on first adapter open with link down Ben Hutchings 2013-07-24 14:02 ` [19/85] ath9k: Fix noisefloor calibration Ben Hutchings 2013-07-24 14:02 ` [73/85] iscsi-target: Fix tfc_tpg_nacl_auth_cit configfs length overflow Ben Hutchings 2013-07-24 14:02 ` [04/85] [SCSI] zfcp: block queue limits with data router Ben Hutchings 2013-07-24 14:02 ` [33/85] iommu/amd: Only unmap large pages from the first pte Ben Hutchings 2013-07-24 14:02 ` [12/85] zram: protect sysfs handler from invalid memory access Ben Hutchings 2013-07-24 14:02 ` [21/85] Bluetooth: Fix crash in l2cap_build_cmd() with small MTU Ben Hutchings 2013-07-24 14:02 ` [61/85] HID: Add support for the MacBook Pro 10,2 keyboard / touchpad Ben Hutchings 2013-07-24 14:02 ` [38/85] USB: option,qcserial: move Novatel Gobi1K IDs to qcserial Ben Hutchings 2013-07-24 14:02 ` [01/85] r8169: fix offloaded tx checksum for small packets Ben Hutchings 2013-07-24 14:02 ` [77/85] ceph: fix statvfs fr_size Ben Hutchings 2013-07-24 14:02 ` [34/85] ARM: 7765/1: perf: Record the user-mode PC in the call chain Ben Hutchings 2013-07-24 14:02 ` [78/85] perf: Fix perf mmap bugs Ben Hutchings 2013-07-24 14:02 ` [65/85] drivers/dma/pl330.c: fix locking in pl330_free_chan_resources() Ben Hutchings 2013-07-24 14:02 ` [15/85] libata: skip SRST for all SIMG [34]7x port-multipliers Ben Hutchings 2013-07-24 14:02 ` [48/85] dlci: validate the net device in dlci_del() Ben Hutchings 2013-07-24 14:02 ` [11/85] zram: avoid access beyond the zram device Ben Hutchings 2013-07-24 14:02 ` [06/85] ahci: Add AMD CZ SATA device ID Ben Hutchings 2013-07-24 14:02 ` [35/85] [SCSI] mpt2sas: Fix for issue Missing delay not getting set during system bootup Ben Hutchings 2013-07-24 14:02 ` [84/85] MAINTAINERS: Greg's suse email address is dead Ben Hutchings 2013-07-24 14:02 ` [09/85] zram: use zram->lock to protect zram_free_page() in swap free notify path Ben Hutchings 2013-07-24 14:02 ` [18/85] ath9k: fill channel mode in caldata Ben Hutchings 2013-07-24 14:02 ` [45/85] cgroup: fix RCU accesses to task->cgroups Ben Hutchings 2013-07-24 14:02 ` [27/85] [media] media: dmxdev: remove dvb_ringbuffer_flush() on writer side Ben Hutchings 2013-07-24 14:02 ` [75/85] perf: Remove WARN_ON_ONCE() check in __perf_event_enable() for valid scenario Ben Hutchings 2013-07-24 14:02 ` [10/85] zram: destroy all devices on error recovery path in zram_init() Ben Hutchings 2013-07-24 14:02 ` [02/85] printk: Fix rq->lock vs logbuf_lock unlock lock inversion Ben Hutchings 2013-07-24 14:02 ` [72/85] [SCSI] megaraid_sas: fix memory leak if SGL has zero length entries Ben Hutchings 2013-07-24 14:02 ` [79/85] perf: Fix mmap() accounting hole Ben Hutchings 2013-07-24 14:02 ` [54/85] UBIFS: fix a horrid bug Ben Hutchings 2013-07-24 14:02 ` [22/85] ASoC: wm8962: Remove remaining direct register cache accesses Ben Hutchings 2013-07-24 14:02 ` [26/85] drivers: hv: switch to use mb() instead of smp_mb() Ben Hutchings 2013-07-24 14:02 ` [51/85] timer: Fix jiffies wrap behavior of round_jiffies_common() Ben Hutchings 2013-07-24 14:02 ` [53/85] UBIFS: prepare to fix a horrid bug Ben Hutchings 2013-07-24 14:02 ` [23/85] rtlwifi: rtl8192cu: Add new USB ID for TP-Link TL-WN8200ND Ben Hutchings 2013-07-24 14:02 ` [56/85] powerpc/smp: Section mismatch from smp_release_cpus to __initdata spinning_secondaries Ben Hutchings 2013-07-24 14:02 ` [83/85] ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Ben Hutchings 2013-07-24 14:11 ` [00/85] 3.2.49-rc1 review Ben Hutchings
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=lsq.1374674565.493560247@decadent.org.uk \ --to=ben@decadent.org.uk \ --cc=akpm@linux-foundation.org \ --cc=davem@davemloft.net \ --cc=herbert@gondor.hengli.com.au \ --cc=keescook@chromium.org \ --cc=linux-kernel@vger.kernel.org \ --cc=stable@vger.kernel.org \ --cc=torvalds@linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.