* [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow
@ 2019-10-16 7:24 Oleh Kravchenko
2019-11-04 9:09 ` Pavel Machek
0 siblings, 1 reply; 3+ messages in thread
From: Oleh Kravchenko @ 2019-10-16 7:24 UTC (permalink / raw)
To: pavel, linux-leds; +Cc: Oleh Kravchenko, Jacek Anaszewski
Error was detected by PVS-Studio:
V512 A call of the 'sprintf' function will lead to overflow of
the buffer 'led_data->led_cdev_name'.
Acked-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Oleh Kravchenko <oleg@kaa.org.ua>
---
drivers/leds/leds-mlxreg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/leds/leds-mlxreg.c b/drivers/leds/leds-mlxreg.c
index cabe379071a7..82aea1cd0c12 100644
--- a/drivers/leds/leds-mlxreg.c
+++ b/drivers/leds/leds-mlxreg.c
@@ -228,8 +228,8 @@ static int mlxreg_led_config(struct mlxreg_led_priv_data *priv)
brightness = LED_OFF;
led_data->base_color = MLXREG_LED_GREEN_SOLID;
}
- sprintf(led_data->led_cdev_name, "%s:%s", "mlxreg",
- data->label);
+ snprintf(led_data->led_cdev_name, sizeof(led_data->led_cdev_name),
+ "mlxreg:%s", data->label);
led_cdev->name = led_data->led_cdev_name;
led_cdev->brightness = brightness;
led_cdev->max_brightness = LED_ON;
--
2.21.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow
2019-10-16 7:24 [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow Oleh Kravchenko
@ 2019-11-04 9:09 ` Pavel Machek
2019-11-04 14:31 ` Oleh Kravchenko
0 siblings, 1 reply; 3+ messages in thread
From: Pavel Machek @ 2019-11-04 9:09 UTC (permalink / raw)
To: Oleh Kravchenko; +Cc: linux-leds, Jacek Anaszewski
[-- Attachment #1: Type: text/plain, Size: 1318 bytes --]
On Wed 2019-10-16 10:24:30, Oleh Kravchenko wrote:
> Error was detected by PVS-Studio:
> V512 A call of the 'sprintf' function will lead to overflow of
> the buffer 'led_data->led_cdev_name'.
>
> Acked-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
> Acked-by: Pavel Machek <pavel@ucw.cz>
> Signed-off-by: Oleh Kravchenko <oleg@kaa.org.ua>
Thanks for resend, and sorry for the delay.
Note that this would only be security issue if someone did malicious
device tree... so... not a security issue :-).
Applied.
Pavel
> index cabe379071a7..82aea1cd0c12 100644
> --- a/drivers/leds/leds-mlxreg.c
> +++ b/drivers/leds/leds-mlxreg.c
> @@ -228,8 +228,8 @@ static int mlxreg_led_config(struct mlxreg_led_priv_data *priv)
> brightness = LED_OFF;
> led_data->base_color = MLXREG_LED_GREEN_SOLID;
> }
> - sprintf(led_data->led_cdev_name, "%s:%s", "mlxreg",
> - data->label);
> + snprintf(led_data->led_cdev_name, sizeof(led_data->led_cdev_name),
> + "mlxreg:%s", data->label);
> led_cdev->name = led_data->led_cdev_name;
> led_cdev->brightness = brightness;
> led_cdev->max_brightness = LED_ON;
> --
> 2.21.0
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow
2019-11-04 9:09 ` Pavel Machek
@ 2019-11-04 14:31 ` Oleh Kravchenko
0 siblings, 0 replies; 3+ messages in thread
From: Oleh Kravchenko @ 2019-11-04 14:31 UTC (permalink / raw)
To: Pavel Machek; +Cc: linux-leds, Jacek Anaszewski
Hello Pavel,
On 04.11.19 11:09, Pavel Machek wrote:
> On Wed 2019-10-16 10:24:30, Oleh Kravchenko wrote:
>> Error was detected by PVS-Studio:
>> V512 A call of the 'sprintf' function will lead to overflow of
>> the buffer 'led_data->led_cdev_name'.
>>
>> Acked-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
>> Acked-by: Pavel Machek <pavel@ucw.cz>
>> Signed-off-by: Oleh Kravchenko <oleg@kaa.org.ua>
> Thanks for resend, and sorry for the delay.
>
> Note that this would only be security issue if someone did malicious
> device tree... so... not a security issue :-).
Agree, very limited case.
But I just want make our kernel more robust and reliable :-)
>
> Applied.
Thanks!
> Pavel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-04 14:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-16 7:24 [RESEND PATCH] leds: mlxreg: Fix possible buffer overflow Oleh Kravchenko
2019-11-04 9:09 ` Pavel Machek
2019-11-04 14:31 ` Oleh Kravchenko
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).