On Sat, 14 Feb 2015, Kees Cook wrote:

> Otherwise this could lead to format string interpretation and
> information leaks via the mod->name parameter.

[ live-patching@ added to CC ]

Ah, right, thanks for the report, Kees.

From: Jiri Kosina <jkosina@xxxxxxx>
Subject: [PATCH] livepatch: fix format string in kobject_init_and_add()

kobject_init_and_add() expects format string for a name, so we better
provide it in order to avoid infoleaks if modules craft their mod->name in
a special way.

Reported-by: Fengguang Wu <fengguang.wu@xxxxxxxxx>
Reported-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
--- kernel/livepatch/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index ff7f47d..d62e002 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c @@ -731,7 +731,7 @@ static int klp_init_func(struct klp_object *obj, struct klp_func *func) func->state = KLP_DISABLED; return kobject_init_and_add(&func->kobj, &klp_ktype_func, - obj->kobj, func->old_name); + obj->kobj, "%s", func->old_name); } /* parts of the initialization that is done only when the object is loaded */

--
Jiri Kosina
SUSE Labs
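
Review bot: the changelog says the leak arises when modules craft their mod->name, but the argument that gains the "%s" in klp_init_func() is func->old_name, so the message and the code name different strings. Reword the changelog to refer to func->old_name, or state that the concern is any module-supplied name reaching kobject_init_and_add() in the format position. The code change itself is the right shape: the name moves into the argument list behind a literal "%s", so conversion specifiers inside it are no longer interpreted. The other kobject_init_and_add() call sites in kernel/livepatch/core.c are outside this hunk and are worth checking for the same pattern before this is merged.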