Hi David,

On Wed, Nov 20, 2024 at 10:15 AM David Wang <00107082@xxxxxxx> wrote:
> Using device name as format string of seq_printf() is prone to
> "Format string attack", opens possibility for exploitation.
> Seq_puts() is safer and more efficient.
>
> Signed-off-by: David Wang <00107082@xxxxxxx>

Thanks for your patch!

> --- a/drivers/gpio/gpio-aspeed-sgpio.c > +++ b/drivers/gpio/gpio-aspeed-sgpio.c > @@ -420,7 +420,7 @@ static void aspeed_sgpio_irq_print_chip(struct irq_data *d, struct seq_file *p) > int offset; > > irqd_to_aspeed_sgpio_data(d, &gpio, &bank, &bit, &offset); > - seq_printf(p, dev_name(gpio->dev)); > + seq_puts(p, dev_name(gpio->dev));

If we want to add the missing space here, the code has to be changed
to use seq_printf(..., " %s", ...) again.

However, it might be simpler to move this to the core. I.e. add an
unconditional seq_putc(p, ' ') to show_interrupts()[1], and drop the
spaces from all callbacks and from the fallbacks in show_interrupts().

[1] https://elixir.bootlin.com/linux/v6.12/source/kernel/irq/proc.c#L503

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
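
Review bot: at the changed line in aspeed_sgpio_irq_print_chip(), seq_puts(p, dev_name(gpio->dev)) still emits the name with no leading separator, just like the seq_printf() call it replaces, so the missing space raised in the reply remains open after this patch. If the separator is to be fixed in this callback, a seq_putc(p, ' ') ahead of the seq_puts() would add it while keeping the device name out of any format string. If it is to be handled in show_interrupts() instead, the commit message should say that the spacing is deliberately left alone here.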