From: "Chen-Yu Tsai (Moxa)" <wens@csie.org>
To: nobuhiro1.iwamatsu@toshiba.co.jp, pavel@denx.de
Cc: cip-dev@lists.cip-project.org, JohnsonCH.Chen@moxa.com
Subject: [cip-dev] [PATCH 4.4.y-cip v3 10/14] PM / OPP: Use snprintf() instead of sprintf()
Date: Tue, 9 Jun 2020 12:09:22 +0800 [thread overview]
Message-ID: <20200609040926.8910-11-wens@csie.org> (raw)
In-Reply-To: <20200609040926.8910-1-wens@csie.org>
[-- Attachment #1: Type: text/plain, Size: 1834 bytes --]
From: Viresh Kumar <viresh.kumar@linaro.org>
commit 5ff24d601092b222340b28466e263b1c4559407e upstream.
sprintf() can access memory outside of the range of the character array,
and is risky in some situations. The driver specified prop_name string
can be longer than NAME_MAX here (only an attacker will do that though)
and so blindly copying it into the character array of size NAME_MAX
isn't safe. Instead we must use snprintf() here.
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Chen-Yu Tsai (Moxa) <wens@csie.org>
---
drivers/base/power/opp/core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c
index 504a6d4e46723..1e0a2ddf73323 100644
--- a/drivers/base/power/opp/core.c
+++ b/drivers/base/power/opp/core.c
@@ -808,7 +808,8 @@ static int opp_parse_supplies(struct dev_pm_opp *opp, struct device *dev,
/* Search for "opp-microvolt-<name>" */
if (dev_opp->prop_name) {
- sprintf(name, "opp-microvolt-%s", dev_opp->prop_name);
+ snprintf(name, sizeof(name), "opp-microvolt-%s",
+ dev_opp->prop_name);
prop = of_find_property(opp->np, name, NULL);
}
@@ -855,7 +856,8 @@ static int opp_parse_supplies(struct dev_pm_opp *opp, struct device *dev,
/* Search for "opp-microamp-<name>" */
prop = NULL;
if (dev_opp->prop_name) {
- sprintf(name, "opp-microamp-%s", dev_opp->prop_name);
+ snprintf(name, sizeof(name), "opp-microamp-%s",
+ dev_opp->prop_name);
prop = of_find_property(opp->np, name, NULL);
}
--
2.27.0.rc0
[-- Attachment #2: Type: text/plain, Size: 419 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4786): https://lists.cip-project.org/g/cip-dev/message/4786
Mute This Topic: https://lists.cip-project.org/mt/74768073/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2020-06-09 4:10 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-09 4:09 [cip-dev] [PATCH 4.4.y-cip v3 00/14] PM / OPP v2 & cpufreq backports part 1 Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 01/14] PM / OPP: Add debugfs support Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 02/14] PM / OPP: Add "opp-supported-hw" binding Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 03/14] PM / OPP: Add {opp-microvolt|opp-microamp}-<name> binding Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 04/14] PM / OPP: Remove 'operating-points-names' binding Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 05/14] PM / OPP: Rename OPP nodes as opp@<opp-hz> Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 06/14] PM / OPP: Add missing doc comments Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 07/14] PM / OPP: Parse 'opp-supported-hw' binding Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 08/14] PM / OPP: Parse 'opp-<prop>-<name>' bindings Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 09/14] PM / OPP: Set cpu_dev->id in cpumask first Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` Chen-Yu Tsai (Moxa) [this message]
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 11/14] devicetree: bindings: Add optional dynamic-power-coefficient property Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 12/14] cpufreq-dt: Supply power coefficient when registering cooling devices Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 13/14] cpufreq-dt: fix handling regulator_get_voltage() result Chen-Yu Tsai (Moxa)
2020-06-09 4:09 ` [cip-dev] [PATCH 4.4.y-cip v3 14/14] cpufreq: cpufreq-dt: avoid uninitialized variable warnings: Chen-Yu Tsai (Moxa)
2020-06-09 11:01 ` [cip-dev] [PATCH 4.4.y-cip v3 00/14] PM / OPP v2 & cpufreq backports part 1 Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200609040926.8910-11-wens@csie.org \
--to=wens@csie.org \
--cc=JohnsonCH.Chen@moxa.com \
--cc=cip-dev@lists.cip-project.org \
--cc=nobuhiro1.iwamatsu@toshiba.co.jp \
--cc=pavel@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).