linux-leds.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow
@ 2019-10-16  7:24 Oleh Kravchenko
  2019-11-04  9:09 ` Pavel Machek
  0 siblings, 1 reply; 3+ messages in thread
From: Oleh Kravchenko @ 2019-10-16  7:24 UTC (permalink / raw)
  To: pavel, linux-leds; +Cc: Oleh Kravchenko, Jacek Anaszewski

Error was detected by PVS-Studio:
V512 A call of the 'sprintf' function will lead to overflow of
the buffer 'led_data->led_cdev_name'.

Acked-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Oleh Kravchenko <oleg@kaa.org.ua>
---
 drivers/leds/leds-mlxreg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/leds/leds-mlxreg.c b/drivers/leds/leds-mlxreg.c
index cabe379071a7..82aea1cd0c12 100644
--- a/drivers/leds/leds-mlxreg.c
+++ b/drivers/leds/leds-mlxreg.c
@@ -228,8 +228,8 @@ static int mlxreg_led_config(struct mlxreg_led_priv_data *priv)
 			brightness = LED_OFF;
 			led_data->base_color = MLXREG_LED_GREEN_SOLID;
 		}
-		sprintf(led_data->led_cdev_name, "%s:%s", "mlxreg",
-			data->label);
+		snprintf(led_data->led_cdev_name, sizeof(led_data->led_cdev_name),
+			 "mlxreg:%s", data->label);
 		led_cdev->name = led_data->led_cdev_name;
 		led_cdev->brightness = brightness;
 		led_cdev->max_brightness = LED_ON;
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow
  2019-10-16  7:24 [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow Oleh Kravchenko
@ 2019-11-04  9:09 ` Pavel Machek
  2019-11-04 14:31   ` Oleh Kravchenko
  0 siblings, 1 reply; 3+ messages in thread
From: Pavel Machek @ 2019-11-04  9:09 UTC (permalink / raw)
  To: Oleh Kravchenko; +Cc: linux-leds, Jacek Anaszewski

[-- Attachment #1: Type: text/plain, Size: 1318 bytes --]

On Wed 2019-10-16 10:24:30, Oleh Kravchenko wrote:
> Error was detected by PVS-Studio:
> V512 A call of the 'sprintf' function will lead to overflow of
> the buffer 'led_data->led_cdev_name'.
> 
> Acked-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
> Acked-by: Pavel Machek <pavel@ucw.cz>
> Signed-off-by: Oleh Kravchenko <oleg@kaa.org.ua>

Thanks for resend, and sorry for the delay.

Note that this would only be security issue if someone did malicious
device tree... so... not a security issue :-).

Applied.

								Pavel

> index cabe379071a7..82aea1cd0c12 100644
> --- a/drivers/leds/leds-mlxreg.c
> +++ b/drivers/leds/leds-mlxreg.c
> @@ -228,8 +228,8 @@ static int mlxreg_led_config(struct mlxreg_led_priv_data *priv)
>  			brightness = LED_OFF;
>  			led_data->base_color = MLXREG_LED_GREEN_SOLID;
>  		}
> -		sprintf(led_data->led_cdev_name, "%s:%s", "mlxreg",
> -			data->label);
> +		snprintf(led_data->led_cdev_name, sizeof(led_data->led_cdev_name),
> +			 "mlxreg:%s", data->label);
>  		led_cdev->name = led_data->led_cdev_name;
>  		led_cdev->brightness = brightness;
>  		led_cdev->max_brightness = LED_ON;
> -- 
> 2.21.0

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow
  2019-11-04  9:09 ` Pavel Machek
@ 2019-11-04 14:31   ` Oleh Kravchenko
  0 siblings, 0 replies; 3+ messages in thread
From: Oleh Kravchenko @ 2019-11-04 14:31 UTC (permalink / raw)
  To: Pavel Machek; +Cc: linux-leds, Jacek Anaszewski

Hello Pavel,

On 04.11.19 11:09, Pavel Machek wrote:
> On Wed 2019-10-16 10:24:30, Oleh Kravchenko wrote:
>> Error was detected by PVS-Studio:
>> V512 A call of the 'sprintf' function will lead to overflow of
>> the buffer 'led_data->led_cdev_name'.
>>
>> Acked-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
>> Acked-by: Pavel Machek <pavel@ucw.cz>
>> Signed-off-by: Oleh Kravchenko <oleg@kaa.org.ua>
> Thanks for resend, and sorry for the delay.
>
> Note that this would only be security issue if someone did malicious
> device tree... so... not a security issue :-).

Agree, very limited case.
But I just want make our kernel more robust and reliable :-)

>
> Applied.
Thanks!
> 								Pavel

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-11-04 14:32 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-16  7:24 [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow Oleh Kravchenko
2019-11-04  9:09 ` Pavel Machek
2019-11-04 14:31   ` Oleh Kravchenko

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).