Re: [PATCH 2/5] scsi: BusLogic: Avoid unbounded `vsprintf' use

On 4/14/21 4:39 PM, Maciej W. Rozycki wrote:
> Existing `blogic_msg' invocations do not appear to overrun its internal 
> buffer of a fixed length of 100, which would cause stack corruption, but 
> it's easy to miss with possible further updates and a fix is cheap in 
> performance terms, so limit the output produced into the buffer by using 
> `vsnprintf' rather than `vsprintf'.
> 
> Signed-off-by: Maciej W. Rozycki <macro@xxxxxxxxxxx>
> ---
>  drivers/scsi/BusLogic.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> linux-buslogic-vsnprintf.diff
> Index: linux-macro-ide/drivers/scsi/BusLogic.c
> ===================================================================
> --- linux-macro-ide.orig/drivers/scsi/BusLogic.c
> +++ linux-macro-ide/drivers/scsi/BusLogic.c
> @@ -3588,7 +3588,7 @@ static void blogic_msg(enum blogic_msgle
>  	int len = 0;
>  
>  	va_start(args, adapter);
> -	len = vsprintf(buf, fmt, args);
> +	len = vsnprintf(buf, sizeof(buf), fmt, args);
>  	va_end(args);
>  	if (msglevel == BLOGIC_ANNOUNCE_LEVEL) {
>  		static int msglines = 0;
> 
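Review bot: `len` on the `+` line now receives the return value of `vsnprintf`, which is the length the formatted output would have had without the limit, not the number of bytes actually stored in `buf`. When a message is truncated, `len` is therefore at least `sizeof(buf)`, and any later use of `len` as the length of the string in `buf` would go past the end of the buffer. Consider `len = vscnprintf(buf, sizeof(buf), fmt, args);`, which returns the number of characters actually written, excluding the terminating NUL, or clamp `len` after the call. The declaration of `buf` is not visible in this hunk, so `sizeof(buf)` gives the intended limit only if `buf` is an array local to this function rather than a pointer; the commit message's "internal buffer of a fixed length of 100" suggests it is.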

As Maciej explained in another email that snprintf() does null-terminate
the string, I think this change is fine.

Acked-by: Khalid Aziz <khalid@xxxxxxxxxxxxxx>
