From: "Chen-Yu Tsai (Moxa)" <wens@csie.org>
To: nobuhiro1.iwamatsu@toshiba.co.jp, pavel@denx.de
Cc: cip-dev@lists.cip-project.org, JohnsonCH.Chen@moxa.com
Subject: [cip-dev] [PATCH 4.4.y-cip v2 11/15] PM / OPP: Use snprintf() instead of sprintf()
Date: Mon, 8 Jun 2020 17:30:24 +0800 [thread overview]
Message-ID: <20200608093028.21612-12-wens@csie.org> (raw)
In-Reply-To: <20200608093028.21612-1-wens@csie.org>
[-- Attachment #1: Type: text/plain, Size: 1834 bytes --]
From: Viresh Kumar <viresh.kumar@linaro.org>
commit 5ff24d601092b222340b28466e263b1c4559407e upstream.
sprintf() can access memory outside of the range of the character array,
and is risky in some situations. The driver specified prop_name string
can be longer than NAME_MAX here (only an attacker will do that though)
and so blindly copying it into the character array of size NAME_MAX
isn't safe. Instead we must use snprintf() here.
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Chen-Yu Tsai (Moxa) <wens@csie.org>
---
drivers/base/power/opp/core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c
index 504a6d4e46723..1e0a2ddf73323 100644
--- a/drivers/base/power/opp/core.c
+++ b/drivers/base/power/opp/core.c
@@ -808,7 +808,8 @@ static int opp_parse_supplies(struct dev_pm_opp *opp, struct device *dev,
/* Search for "opp-microvolt-<name>" */
if (dev_opp->prop_name) {
- sprintf(name, "opp-microvolt-%s", dev_opp->prop_name);
+ snprintf(name, sizeof(name), "opp-microvolt-%s",
+ dev_opp->prop_name);
prop = of_find_property(opp->np, name, NULL);
}
@@ -855,7 +856,8 @@ static int opp_parse_supplies(struct dev_pm_opp *opp, struct device *dev,
/* Search for "opp-microamp-<name>" */
prop = NULL;
if (dev_opp->prop_name) {
- sprintf(name, "opp-microamp-%s", dev_opp->prop_name);
+ snprintf(name, sizeof(name), "opp-microamp-%s",
+ dev_opp->prop_name);
prop = of_find_property(opp->np, name, NULL);
}
--
2.27.0.rc0
[-- Attachment #2: Type: text/plain, Size: 419 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4742): https://lists.cip-project.org/g/cip-dev/message/4742
Mute This Topic: https://lists.cip-project.org/mt/74748502/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2020-06-08 9:30 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-08 9:30 [cip-dev] [PATCH 4.4.y-cip v2 00/15] PM / OPP v2 & cpufreq backports part 1 Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 01/15] PM / OPP: Add debugfs support Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 02/15] PM / OPP: Add "opp-supported-hw" binding Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 03/15] PM / OPP: Add {opp-microvolt|opp-microamp}-<name> binding Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 04/15] PM / OPP: Remove 'operating-points-names' binding Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 05/15] PM / OPP: Rename OPP nodes as opp@<opp-hz> Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 06/15] PM / OPP: Add missing doc comments Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 07/15] PM / OPP: Parse 'opp-supported-hw' binding Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 08/15] PM / OPP: Parse 'opp-<prop>-<name>' bindings Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 09/15] PM / OPP: Fix parsing of opp-microvolt and opp-microamp properties Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 10/15] PM / OPP: Set cpu_dev->id in cpumask first Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` Chen-Yu Tsai (Moxa) [this message]
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 12/15] devicetree: bindings: Add optional dynamic-power-coefficient property Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 13/15] cpufreq-dt: Supply power coefficient when registering cooling devices Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 14/15] cpufreq-dt: fix handling regulator_get_voltage() result Chen-Yu Tsai (Moxa)
2020-06-08 9:30 ` [cip-dev] [PATCH 4.4.y-cip v2 15/15] cpufreq: cpufreq-dt: avoid uninitialized variable warnings: Chen-Yu Tsai (Moxa)
2020-06-08 21:37 ` [cip-dev] [PATCH 4.4.y-cip v2 00/15] PM / OPP v2 & cpufreq backports part 1 Pavel Machek
-- strict thread matches above, loose matches on Subject: below --
2020-06-08 9:14 Chen-Yu Tsai (Moxa)
2020-06-08 9:14 ` [cip-dev] [PATCH 4.4.y-cip v2 11/15] PM / OPP: Use snprintf() instead of sprintf() Chen-Yu Tsai (Moxa)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200608093028.21612-12-wens@csie.org \
--to=wens@csie.org \
--cc=JohnsonCH.Chen@moxa.com \
--cc=cip-dev@lists.cip-project.org \
--cc=nobuhiro1.iwamatsu@toshiba.co.jp \
--cc=pavel@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.