On Tue, Feb 08, 2022 at 02:49:37PM +0300, Sergey Shtylyov wrote:
> On 2/8/22 2:21 PM, Greg Kroah-Hartman wrote:
>
> >> sprintf() (still used in the USB core for the sysfs output) is vulnerable
> >> to the buffer overflow.
> >
> > Really?  Where?  If we have potential overflows, let's fix them as bug
> > fixes and properly backport the fixes where needed.
>
>    I must admit I didn't find any real overflows in my quick triage...

Then please do not scare people by saying otherwise.

> > If these really are just using the "old-style" functions instead, then
> > that's something totally different and you should not say "vulnerable"
> > if it really is not at all.
>
>    Isn't sprintf() generally considered harmful? :-)

For sysfs files that have a known size (PAGE_SIZE) with a single value
like this, no, it's not harmful.

> >> Use the new-fangled sysfs_emit() instead.
> >>
> >> Found by Linux Verification Center (linuxtesting.org) with the SVACE static
> >> analysis tool.
> >
> > You mean coccinelle, right?
>
>    Do you think coccinelle is the only code analyzer in this world? :-)

No, but it has a built-in rule for this already, why not just use that
to find these types of things?

>    I told you I was using SVACE (made by Russian Institute of the System Programming).

Nice, where is the rule for this with that tool?

thanks,

greg k-h
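
Added example, not part of the thread and not kernel code: a userspace C model of the point made in the reply above about single-value sysfs files and PAGE_SIZE. `model_sysfs_emit()` mirrors the checks `sysfs_emit()` performs (page-aligned buffer, PAGE_SIZE bound); the 4 KiB page size, a 32-bit `int`, and the names `page_align`, `model_sysfs_emit` and `show_single_value` are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u /* assumption: 4 KiB pages */

/* Round a raw pointer up to the next page boundary, as a sysfs buffer would be. */
static char *page_align(char *raw)
{
    uintptr_t p = ((uintptr_t)raw + MODEL_PAGE_SIZE - 1) & ~(uintptr_t)(MODEL_PAGE_SIZE - 1);
    return (char *)p;
}

/* Userspace model of sysfs_emit(): reject a NULL or non-page-aligned buffer,
 * format with a hard PAGE_SIZE bound, return the bytes actually stored. */
static int model_sysfs_emit(char *buf, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (!buf || ((uintptr_t)buf & (MODEL_PAGE_SIZE - 1)))
        return 0; /* the kernel also WARNs in this case */
    va_start(ap, fmt);
    n = vsnprintf(buf, MODEL_PAGE_SIZE, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return n >= (int)MODEL_PAGE_SIZE ? (int)MODEL_PAGE_SIZE - 1 : n;
}

/* Hypothetical single-value show(): "%d\n" is at most 12 bytes
 * ("-2147483648\n"), so plain sprintf() cannot reach PAGE_SIZE. */
static int show_single_value(char *page, int value)
{
    return sprintf(page, "%d\n", value);
}

int main(void)
{
    static char raw[2 * MODEL_PAGE_SIZE], big[6000];
    char *page = page_align(raw);

    memset(big, 'A', sizeof(big) - 1); /* constructed oversized input */
    printf("single value: %d bytes\n", show_single_value(page, -2147483647 - 1));
    printf("oversized:    %d bytes\n", model_sysfs_emit(page, "%s\n", big));
    printf("misaligned:   %d bytes\n", model_sysfs_emit(page + 1, "%d\n", 1));
    return 0;
}
```

The bound only starts to matter when a show() callback formats data of unbounded length; for a fixed-width single value the two calls store the same bytes.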