From: "Chen-Yu Tsai (Moxa)" <wens@csie.org>
To: nobuhiro1.iwamatsu@toshiba.co.jp, pavel@denx.de
Cc: Viresh Kumar <viresh.kumar@linaro.org>,
cip-dev@lists.cip-project.org, JohnsonCH.Chen@moxa.com,
Geert Uytterhoeven <geert@linux-m68k.org>,
Geert Uytterhoeven <geert+renesas@glider.be>,
Stephen Boyd <sboyd@codeaurora.org>,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Chen-Yu Tsai <wens@csie.org>
Subject: [cip-dev] [4.4.y-cip 11/15] PM / OPP: Use snprintf() instead of sprintf()
Date: Thu, 4 Jun 2020 11:18:25 +0800 [thread overview]
Message-ID: <20200604031829.3254-12-wens@csie.org> (raw)
In-Reply-To: <20200604031829.3254-1-wens@csie.org>
[-- Attachment #1: Type: text/plain, Size: 1834 bytes --]
From: Viresh Kumar <viresh.kumar@linaro.org>
commit 5ff24d601092b222340b28466e263b1c4559407e upstream.
sprintf() can access memory outside of the range of the character array,
and is risky in some situations. The driver specified prop_name string
can be longer than NAME_MAX here (only an attacker will do that though)
and so blindly copying it into the character array of size NAME_MAX
isn't safe. Instead we must use snprintf() here.
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Chen-Yu Tsai (Moxa) <wens@csie.org>
---
drivers/base/power/opp/core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c
index 504a6d4e46723..1e0a2ddf73323 100644
--- a/drivers/base/power/opp/core.c
+++ b/drivers/base/power/opp/core.c
@@ -808,7 +808,8 @@ static int opp_parse_supplies(struct dev_pm_opp *opp, struct device *dev,
/* Search for "opp-microvolt-<name>" */
if (dev_opp->prop_name) {
- sprintf(name, "opp-microvolt-%s", dev_opp->prop_name);
+ snprintf(name, sizeof(name), "opp-microvolt-%s",
+ dev_opp->prop_name);
prop = of_find_property(opp->np, name, NULL);
}
@@ -855,7 +856,8 @@ static int opp_parse_supplies(struct dev_pm_opp *opp, struct device *dev,
/* Search for "opp-microamp-<name>" */
prop = NULL;
if (dev_opp->prop_name) {
- sprintf(name, "opp-microamp-%s", dev_opp->prop_name);
+ snprintf(name, sizeof(name), "opp-microamp-%s",
+ dev_opp->prop_name);
prop = of_find_property(opp->np, name, NULL);
}
--
2.27.0.rc0
[-- Attachment #2: Type: text/plain, Size: 419 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4707): https://lists.cip-project.org/g/cip-dev/message/4707
Mute This Topic: https://lists.cip-project.org/mt/74669305/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2020-06-04 11:55 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-04 3:18 [cip-dev] [4.4.y-cip 00/15] PM / OPP v2 & cpufreq backports part 1 Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 01/15] PM / OPP: Add debugfs support Chen-Yu Tsai (Moxa)
2020-06-04 4:47 ` Viresh Kumar
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 02/15] PM / OPP: Add "opp-supported-hw" binding Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 03/15] PM / OPP: Add {opp-microvolt|opp-microamp}-<name> binding Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 04/15] PM / OPP: Remove 'operating-points-names' binding Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 05/15] PM / OPP: Rename OPP nodes as opp@<opp-hz> Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 06/15] PM / OPP: Add missing doc comments Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 07/15] PM / OPP: Parse 'opp-supported-hw' binding Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 08/15] PM / OPP: Parse 'opp-<prop>-<name>' bindings Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 09/15] PM / OPP: Fix parsing of opp-microvolt and opp-microamp properties Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 10/15] PM / OPP: Set cpu_dev->id in cpumask first Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` Chen-Yu Tsai (Moxa) [this message]
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 12/15] devicetree: bindings: Add optional dynamic-power-coefficient property Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 13/15] cpufreq-dt: Supply power coefficient when registering cooling devices Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 14/15] cpufreq-dt: fix handling regulator_get_voltage() result Chen-Yu Tsai (Moxa)
2020-06-04 3:18 ` [cip-dev] [4.4.y-cip 15/15] cpufreq: cpufreq-dt: avoid uninitialized variable warnings: Chen-Yu Tsai (Moxa)
2020-06-04 3:45 ` [cip-dev] [4.4.y-cip 00/15] PM / OPP v2 & cpufreq backports part 1 Chen-Yu Tsai (Moxa)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200604031829.3254-12-wens@csie.org \
--to=wens@csie.org \
--cc=JohnsonCH.Chen@moxa.com \
--cc=cip-dev@lists.cip-project.org \
--cc=geert+renesas@glider.be \
--cc=geert@linux-m68k.org \
--cc=nobuhiro1.iwamatsu@toshiba.co.jp \
--cc=pavel@denx.de \
--cc=rafael.j.wysocki@intel.com \
--cc=sboyd@codeaurora.org \
--cc=viresh.kumar@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).