On Wed, Sep 11, 2013 at 12:45 PM, Joe Perches wrote:
> On Wed, 2013-09-11 at 12:25 -0700, Kees Cook wrote:
>> On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches wrote:
>> > On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
>> >> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
>> >> wrote:
>> >> >
On Wed, 2013-09-11 at 12:25 -0700, Kees Cook wrote:
> On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches wrote:
> > On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
> >> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
> >> wrote:
> >> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
>
On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches wrote:
> On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
>> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
>> wrote:
>> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
>> >> In the former case, format characters will get processed
> * %n is ignored
Really it should trigger a WARN_ON_ONCE(). There is code like
show_console_dev() which relies on it to work. If we ignore %n it
causes another bug.
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
On Wed, Sep 11, 2013 at 12:22 PM, Dan Carpenter
wrote:
> On Wed, Sep 11, 2013 at 11:19:11AM -0700, Kees Cook wrote:
>> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
>> wrote:
>> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
>> >> In the former case, format characters will get
On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
> wrote:
> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
> >> In the former case, format characters will get processed by the
> >> sprintf logic. In the latter, they are printed
On Wed, Sep 11, 2013 at 11:19:11AM -0700, Kees Cook wrote:
> On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
> wrote:
> > On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
> >> In the former case, format characters will get processed by the
> >> sprintf logic. In the latter, they are
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter wrote:
> On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
>> In the former case, format characters will get processed by the
>> sprintf logic. In the latter, they are printed as-is. In this specific
>> case, if there was a way to inject
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
> In the former case, format characters will get processed by the
> sprintf logic. In the latter, they are printed as-is. In this specific
> case, if there was a way to inject strings like "ohai %n" into the
> msgbuf string, the former
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
In the former case, format characters will get processed by the
sprintf logic. In the latter, they are printed as-is. In this specific
case, if there was a way to inject strings like ohai %n into the
msgbuf string, the former would
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter dan.carpen...@oracle.com wrote:
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
In the former case, format characters will get processed by the
sprintf logic. In the latter, they are printed as-is. In this specific
case, if there was a
On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter dan.carpen...@oracle.com
wrote:
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
In the former case, format characters will get processed by the
sprintf logic. In the latter, they
On Wed, Sep 11, 2013 at 11:19:11AM -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter dan.carpen...@oracle.com
wrote:
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
In the former case, format characters will get processed by the
sprintf logic. In the
On Wed, Sep 11, 2013 at 12:22 PM, Dan Carpenter
dan.carpen...@oracle.com wrote:
On Wed, Sep 11, 2013 at 11:19:11AM -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter dan.carpen...@oracle.com
wrote:
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
In the former
* %n is ignored
Really it should trigger a WARN_ON_ONCE(). There is code like
show_console_dev() which relies on it to work. If we ignore %n it
causes another bug.
regards,
dan carpenter
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to
On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches j...@perches.com wrote:
On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter dan.carpen...@oracle.com
wrote:
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
In the former case, format
On Wed, 2013-09-11 at 12:25 -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches j...@perches.com wrote:
On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter dan.carpen...@oracle.com
wrote:
On Tue, Sep 10, 2013 at 10:19:17PM
On Wed, Sep 11, 2013 at 12:45 PM, Joe Perches j...@perches.com wrote:
On Wed, 2013-09-11 at 12:25 -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches j...@perches.com wrote:
On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter
On Tue, Sep 10, 2013 at 10:00 PM, Joe Perches wrote:
> On Tue, 2013-09-10 at 21:41 -0700, Kees Cook wrote:
>> Make sure that format strings cannot leak into printk() calls from the
>> msgbuf string.
>
> printf(string);
> vs
> printf("%s", string);
>
> How does this help?
In the
On Tue, 2013-09-10 at 21:41 -0700, Kees Cook wrote:
> Make sure that format strings cannot leak into printk() calls from the
> msgbuf string.
printf(string);
vs
printf("%s", string);
How does this help?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel"
Make sure that format strings cannot leak into printk() calls from the
msgbuf string.
Signed-off-by: Kees Cook
---
drivers/staging/dgnc/dgnc_driver.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/dgnc/dgnc_driver.c
Make sure that format strings cannot leak into printk() calls from the
msgbuf string.
Signed-off-by: Kees Cook keesc...@chromium.org
---
drivers/staging/dgnc/dgnc_driver.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/dgnc/dgnc_driver.c
On Tue, 2013-09-10 at 21:41 -0700, Kees Cook wrote:
Make sure that format strings cannot leak into printk() calls from the
msgbuf string.
printf(string);
vs
printf(%s, string);
How does this help?
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the
On Tue, Sep 10, 2013 at 10:00 PM, Joe Perches j...@perches.com wrote:
On Tue, 2013-09-10 at 21:41 -0700, Kees Cook wrote:
Make sure that format strings cannot leak into printk() calls from the
msgbuf string.
printf(string);
vs
printf(%s, string);
How does this help?
In
24 matches
Mail list logo