[PATCH 02/02] linux-next: staging: gdm72xx: Fix naked sscanf

2014-04-17 Thread Alexandr Terekhov
Fix naked sscanf

Signed-off-by: Alexandr Terekhov  

diff --git a/drivers/staging/gdm72xx/gdm_wimax.c 
b/drivers/staging/gdm72xx/gdm_wimax.c
index 05ce2a2..7f60da3 100644
--- a/drivers/staging/gdm72xx/gdm_wimax.c
+++ b/drivers/staging/gdm72xx/gdm_wimax.c
@@ -285,6 +285,7 @@ static void __gdm_wimax_event_send(struct work_struct *work)
int idx;
unsigned long flags;
struct evt_entry *e;
+   int rc;
 
spin_lock_irqsave(&wm_event.evt_lock, flags);
 
@@ -292,7 +293,10 @@ static void __gdm_wimax_event_send(struct work_struct 
*work)
e = list_entry(wm_event.evtq.next, struct evt_entry, list);
spin_unlock_irqrestore(&wm_event.evt_lock, flags);
 
-   sscanf(e->dev->name, "wm%d", &idx);
+   rc = sscanf(e->dev->name, "wm%d", &idx);
+   if (0 == rc)
+   pr_err("%s: sscanf() returned zero\n", __func__);
+
netlink_send(wm_event.sock, idx, 0, e->evt_data, e->size);
 
spin_lock_irqsave(&wm_event.evt_lock, flags);
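Review bot: at the new `if (0 == rc)` check, a failed match is only logged, and the unchanged `netlink_send(wm_event.sock, idx, 0, e->evt_data, e->size);` right after it still runs with `idx`, which the context of the first hunk declares as `int idx;` with no initialiser, so it was never assigned. Skip the send for that entry when the conversion fails instead of falling through. Compare against the expected conversion count (`rc != 1`, constant on the right), and drop or rate-limit the `pr_err()`, which as written fires once for every queued event whose name does not match.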
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel


Re: [PATCH 02/02] linux-next: staging: gdm72xx: Fix naked sscanf

2014-04-18 Thread Greg Kroah-Hartman
On Thu, Apr 17, 2014 at 04:31:44PM +0300, Alexandr Terekhov wrote:
> Fix naked sscanf
> 
> Signed-off-by: Alexandr Terekhov  
> 
> diff --git a/drivers/staging/gdm72xx/gdm_wimax.c 
> b/drivers/staging/gdm72xx/gdm_wimax.c
> index 05ce2a2..7f60da3 100644
> --- a/drivers/staging/gdm72xx/gdm_wimax.c
> +++ b/drivers/staging/gdm72xx/gdm_wimax.c
> @@ -285,6 +285,7 @@ static void __gdm_wimax_event_send(struct work_struct 
> *work)
>   int idx;
>   unsigned long flags;
>   struct evt_entry *e;
> + int rc;
>  
>   spin_lock_irqsave(&wm_event.evt_lock, flags);
>  
> @@ -292,7 +293,10 @@ static void __gdm_wimax_event_send(struct work_struct 
> *work)
>   e = list_entry(wm_event.evtq.next, struct evt_entry, list);
>   spin_unlock_irqrestore(&wm_event.evt_lock, flags);
>  
> - sscanf(e->dev->name, "wm%d", &idx);
> + rc = sscanf(e->dev->name, "wm%d", &idx);
> + if (0 == rc)

Kernel style is the other way around, or just "if (rc)"



Re: [PATCH 02/02] linux-next: staging: gdm72xx: Fix naked sscanf

2014-04-19 Thread Dan Carpenter
On Thu, Apr 17, 2014 at 04:31:44PM +0300, Alexandr Terekhov wrote:
> Fix naked sscanf
> 
> Signed-off-by: Alexandr Terekhov  

Sign off with the email you use to send patches so we can at least try
to verify that they are real.

> 
> diff --git a/drivers/staging/gdm72xx/gdm_wimax.c 
> b/drivers/staging/gdm72xx/gdm_wimax.c
> index 05ce2a2..7f60da3 100644
> --- a/drivers/staging/gdm72xx/gdm_wimax.c
> +++ b/drivers/staging/gdm72xx/gdm_wimax.c
> @@ -285,6 +285,7 @@ static void __gdm_wimax_event_send(struct work_struct 
> *work)
>   int idx;
>   unsigned long flags;
>   struct evt_entry *e;
> + int rc;
>  
>   spin_lock_irqsave(&wm_event.evt_lock, flags);
>  
> @@ -292,7 +293,10 @@ static void __gdm_wimax_event_send(struct work_struct 
> *work)
>   e = list_entry(wm_event.evtq.next, struct evt_entry, list);
>   spin_unlock_irqrestore(&wm_event.evt_lock, flags);
>  
> - sscanf(e->dev->name, "wm%d", &idx);
> + rc = sscanf(e->dev->name, "wm%d", &idx);
> + if (0 == rc)
> + pr_err("%s: sscanf() returned zero\n", __func__);

This is bad.  It lets the user fill up the log with error messages
(Denial of Service attack).  And it is not useful because it just prints
the message but still uses the bogus idx on the next line so it would
crash.

> +
>   netlink_send(wm_event.sock, idx, 0, e->evt_data, e->size);

regards,
dan carpenter
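
The failure mode raised in this reply (log the error, then use the unassigned index anyway) can be avoided by treating a failed parse as "skip this event". The following user-space sketch is an added example, not code from the driver or from anyone in the thread: `wm_index_from_name`, `record_send` (a stand-in for `netlink_send`), `drain_events` and the sample names are hypothetical, and it goes slightly beyond the patch by also rejecting trailing characters and negative indexes.

```c
#include <stdio.h>

/* Hypothetical helper: extract N from an interface name of the form "wm<N>".
 * Returns 0 and stores N on success, -1 (leaving *idx untouched) otherwise. */
static int wm_index_from_name(const char *name, int *idx)
{
	int val, used = 0;

	/* Exactly one conversion must succeed; %n is not counted in the result. */
	if (sscanf(name, "wm%d%n", &val, &used) != 1)
		return -1;
	/* Reject trailing junk ("wm3x") and negative indexes ("wm-1"). */
	if (name[used] != '\0' || val < 0)
		return -1;
	*idx = val;
	return 0;
}

struct evt { const char *dev_name; const char *data; };

static int sent_idx[8], sent_count;	/* what the stand-in sender received */
static unsigned long dropped;		/* a counter, not one log line per event */

/* Stand-in for the driver's netlink_send(); it only records the index. */
static void record_send(int idx)
{
	if (sent_count < 8)
		sent_idx[sent_count++] = idx;
}

/* Drain a queue: an event whose name does not parse is skipped, never sent. */
static unsigned long drain_events(const struct evt *q, int n)
{
	for (int i = 0; i < n; i++) {
		int idx;
		if (wm_index_from_name(q[i].dev_name, &idx) != 0) {
			dropped++;
			continue;
		}
		record_send(idx);
	}
	return dropped;
}

int main(void)
{
	/* Constructed sample names, not taken from the driver. */
	const struct evt q[] = { {"wm0", "a"}, {"eth0", "b"}, {"wm3x", "c"}, {"wm12", "d"} };
	unsigned long d = drain_events(q, 4);
	printf("dropped=%lu sent=%d\n", d, sent_count);
	return 0;
}
```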
