On Wed, Mar 07 2018, Kees Cook <keesc...@chromium.org> wrote:

> On Wed, Mar 7, 2018 at 5:10 AM, Rasmus Villemoes
> <rasmus.villem...@prevas.dk> wrote:
>> On 2018-03-07 06:46, Kees Cook wrote:
>>> The kernel would like to remove all VLA usage. This switches to a
>>> simple kasprintf() instead.
>> It's probably worth pointing out that this actually fixes an
>> unconditional buffer overflow: fullname only has room for the two
>> strings and the '\n', but vsnprintf() is told that the buffer has
>> infinite size (well, INT_MAX), so there should be plenty of room to
>> append the '\0' after the '\n'.
> Oh yes, hah. I didn't even see the \n in the string. :P
> So, both a VLA fix and a buffer over-run fix. Can I add your "Reviewed-by"? :)


Reviewed-by: Rasmus Villemoes <li...@rasmusvillemoes.dk>

A nit, if you're resending anyway: can you move the "char *fullname"
declarations down a bit, to between pv,valid, and lli,rc, respectively?
That keeps the initialized and uninitialized variables nicely together
and ends up looking better.

Reply via email to