On Tue, Jan 5, 2016 at 11:45 AM, Viresh Kumar <[email protected]> wrote: > sprintf() can access memory outside of the range of the character array, > and is risky in some situations. The driver specified prop_name string > can be longer than NAME_MAX here (only an attacker will do that though) > and so blindly copying it into the character array of size NAME_MAX > isn't safe. Instead we must use snprintf() here.
Thanks! > Reported-by: Geert Uytterhoeven <[email protected]> > Signed-off-by: Viresh Kumar <[email protected]> Acked-by: Geert Uytterhoeven <[email protected]> Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected] In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
