On Wed, Mar 07 2018, Kees Cook <keesc...@chromium.org> wrote: > On Wed, Mar 7, 2018 at 5:10 AM, Rasmus Villemoes > <rasmus.villem...@prevas.dk> wrote: >> On 2018-03-07 06:46, Kees Cook wrote: >>> The kernel would like to remove all VLA usage. This switches to a >>> simple kasprintf() instead. >>> >> >> It's probably worth pointing out that this actually fixes an >> unconditional buffer overflow: fullname only has room for the two >> strings and the '\n', but vsnprintf() is told that the buffer has >> infinite size (well, INT_MAX), so there should be plenty of room to >> append the '\0' after the '\n'. >> > > Oh yes, hah. I didn't even see the \n in the string. :P > > So, both a VLA fix and a buffer over-run fix. Can I add your "Reviewed-by"? :)
Sure, Reviewed-by: Rasmus Villemoes <li...@rasmusvillemoes.dk> A nit, if you're resending anyway: can you move the "char *fullname" declarations down a bit, to between pv,valid, and lli,rc, respectively? That keeps the initialized and uninitialized variables nicely together and ends up looking better.