From: Markus Elfring > Sent: 02 July 2019 20:01 > > From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> > Date: Tue, 2 Jul 2019 20:52:21 +0200 > > Two strings which did not contain a data format specification should be put > into a sequence. Thus use the corresponding function “seq_puts”. > > This issue was detected by using the Coccinelle software. The two calls are almost certainly absolutely equivalent. So this is probably just a minor performance improvement in a code path where it really doesn't matter. > Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> > --- > security/integrity/ima/ima_template_lib.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c > index 9fe0ef7f91e2..05636e9b19b1 100644 > --- a/security/integrity/ima/ima_template_lib.c > +++ b/security/integrity/ima/ima_template_lib.c > @@ -74,7 +74,7 @@ static void ima_show_template_data_ascii(struct seq_file *m, > case DATA_FMT_DIGEST_WITH_ALGO: > buf_ptr = strnchr(field_data->data, buflen, ':'); > if (buf_ptr != field_data->data) > - seq_printf(m, "%s", field_data->data); > + seq_puts(m, field_data->data); > > /* skip ':' and '\0' */ > buf_ptr += 2; That code looks highly suspect! It uses a bounded scan then assumes a '\0' terminated string. It then adds 2 to a potentially NULL pointer. About typical for 'security' code :-) David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
