On Thu, Apr 17, 2014 at 04:31:44PM +0300, Alexandr Terekhov wrote:
> Fix naked sscanf
>
> Signed-off-by: Alexandr Terekhov <Alexandr_Terekhov@xxxxxxxx>
Sign off with the email you use to send patches so we can at least try
to verify that the are real.
>
> diff --git a/drivers/staging/gdm72xx/gdm_wimax.c b/drivers/staging/gdm72xx/gdm_wimax.c
> index 05ce2a2..7f60da3 100644
> --- a/drivers/staging/gdm72xx/gdm_wimax.c
> +++ b/drivers/staging/gdm72xx/gdm_wimax.c
> @@ -285,6 +285,7 @@ static void __gdm_wimax_event_send(struct work_struct *work)
> int idx;
> unsigned long flags;
> struct evt_entry *e;
> + int rc;
>
> spin_lock_irqsave(&wm_event.evt_lock, flags);
>
> @@ -292,7 +293,10 @@ static void __gdm_wimax_event_send(struct work_struct *work)
> e = list_entry(wm_event.evtq.next, struct evt_entry, list);
> spin_unlock_irqrestore(&wm_event.evt_lock, flags);
>
> - sscanf(e->dev->name, "wm%d", &idx);
> + rc = sscanf(e->dev->name, "wm%d", &idx);
> + if (0 == rc)
> + pr_err("%s: sscanf() returned zero\n", __func__);
This is bad. It lets the user fill up the log with error messages
(Denial of Service attack). And it is not useful because it just prints
the message but still uses the bogus idx on the next line so it would
crash.
> +
> netlink_send(wm_event.sock, idx, 0, e->evt_data, e->size);
regards,
dan carpenter
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
