Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Joe Perches
On Wed, 2013-09-11 at 12:25 -0700, Kees Cook wrote:
> On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches wrote:
> > On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
> >> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
> >> wrote:
> >> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
> >

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Kees Cook
On Wed, Sep 11, 2013 at 12:45 PM, Joe Perches wrote:
> On Wed, 2013-09-11 at 12:25 -0700, Kees Cook wrote:
>> On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches wrote:
>> > On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
>> >> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
>> >> wrote:
>> >> > O

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Dan Carpenter
On Wed, Sep 11, 2013 at 11:19:11AM -0700, Kees Cook wrote:
> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
> wrote:
> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
> >> In the former case, format characters will get processed by the
> >> sprintf logic. In the latter, they are prin

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Dan Carpenter
> * %n is ignored
Really it should trigger a WARN_ON_ONCE(). There is code like show_console_dev() which relies on it to work. If we ignore %n it causes another bug.
regards,
dan carpenter
___ devel mailing list de...@linuxdriverproject.org http://d

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Kees Cook
On Wed, Sep 11, 2013 at 12:22 PM, Dan Carpenter wrote:
> On Wed, Sep 11, 2013 at 11:19:11AM -0700, Kees Cook wrote:
>> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
>> wrote:
>> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
>> >> In the former case, format characters will get pro

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Kees Cook
On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches wrote:
> On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
>> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
>> wrote:
>> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
>> >> In the former case, format characters will get processed by

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Joe Perches
On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
> wrote:
> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
> >> In the former case, format characters will get processed by the
> >> sprintf logic. In the latter, they are printed as-

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Kees Cook
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter wrote:
> On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
>> In the former case, format characters will get processed by the
>> sprintf logic. In the latter, they are printed as-is. In this specific
>> case, if there was a way to inject stri

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Dan Carpenter
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
> In the former case, format characters will get processed by the
> sprintf logic. In the latter, they are printed as-is. In this specific
> case, if there was a way to inject strings like "ohai %n" into the
> msgbuf string, the former woul

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-11 Thread Joe Perches
On Tue, 2013-09-10 at 21:41 -0700, Kees Cook wrote:
> Make sure that format strings cannot leak into printk() calls from the
> msgbuf string.
printf(string);
vs
printf("%s", string);
How does this help?

Re: [PATCH] staging: dgnc: fix potential format string flaw

2013-09-10 Thread Kees Cook
On Tue, Sep 10, 2013 at 10:00 PM, Joe Perches wrote:
> On Tue, 2013-09-10 at 21:41 -0700, Kees Cook wrote:
>> Make sure that format strings cannot leak into printk() calls from the
>> msgbuf string.
>
> printf(string);
> vs
> printf("%s", string);
>
> How does this help?
In the fo

[PATCH] staging: dgnc: fix potential format string flaw

2013-09-10 Thread Kees Cook
Make sure that format strings cannot leak into printk() calls from the msgbuf string. Signed-off-by: Kees Cook --- drivers/staging/dgnc/dgnc_driver.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/dgnc/dgnc_driver.c b/drivers/staging/dgnc/dgnc_driver.
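Review bot: the changelog says format strings must not leak from msgbuf into printk(), but it does not say why msgbuf reaching printk() as the format argument is a problem or what the two changed lines in dgnc_driver.c do about it. One added sentence contrasting a string passed as the format with the same string passed through a "%s" format would make the commit self-explanatory, and a note on whether msgbuf can actually carry externally influenced data would tell the reader whether this is hardening or a fix for a reachable bug.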