LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] net/9p: fix format string in p9_mount_tag_show()
@ 2015-01-26 16:48 Andrey Ryabinin
       [not found] ` <063D6719AE5E284EB5DD2968C1650D6D1CAD302F@AcuExch.aculab.com>
  2015-01-27 13:00 ` [PATCH] net/9p: use memcpy() instead of snprintf() " Andrey Ryabinin
  0 siblings, 2 replies; 3+ messages in thread
From: Andrey Ryabinin @ 2015-01-26 16:48 UTC (permalink / raw)
  To: linux-kernel
  Cc: Aneesh Kumar K.V, Eric Van Hensbergen, Ron Minnich,
	Latchesar Ionkov, David S. Miller, v9fs-developer, netdev,
	Andrey Ryabinin

Using "%s" for non-NULL terminated string is quite
dangerous, since this causes reading out of bounds.
chan->tag is non-NULL terminated, so precision
must be specified for printing it.

Fixes: 86c8437383ac ("net/9p: Add sysfs mount_tag file for virtio 9P device")
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
---
 net/9p/trans_virtio.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index daa749c..f0d5f90 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -504,7 +504,8 @@ static ssize_t p9_mount_tag_show(struct device *dev,
 	vdev = dev_to_virtio(dev);
 	chan = vdev->priv;
 
-	return snprintf(buf, chan->tag_len + 1, "%s", chan->tag);
+	return snprintf(buf, chan->tag_len + 1, "%.*s",
+			chan->tag_len, chan->tag);
 }
 
 static DEVICE_ATTR(mount_tag, 0444, p9_mount_tag_show, NULL);
-- 
2.2.2


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-01-27 13:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-26 16:48 [PATCH] net/9p: fix format string in p9_mount_tag_show() Andrey Ryabinin
     [not found] ` <063D6719AE5E284EB5DD2968C1650D6D1CAD302F@AcuExch.aculab.com>
2015-01-26 17:28   ` Andrey Ryabinin
2015-01-27 13:00 ` [PATCH] net/9p: use memcpy() instead of snprintf() " Andrey Ryabinin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).