From: Roberto Sassu <[email protected]> Use the more secure snprintf() function (accepting the buffer size) in create_securityfs_measurement_lists().
No functional change: sprintf() and snprintf() have the same behavior.
Link: https://github.com/linux-integrity/linux/issues/1
Signed-off-by: Roberto Sassu <[email protected]>
---
 security/integrity/ima/ima_fs.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 68edea7139d5..7709a4576322 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -472,11 +472,13 @@ static int __init create_securityfs_measurement_lists(void)
 struct dentry *dentry;
 if (algo == HASH_ALGO__LAST)
- sprintf(file_name, "ascii_runtime_measurements_tpm_alg_%x",
- ima_tpm_chip->allocated_banks[i].alg_id);
+ snprintf(file_name, sizeof(file_name),
+ "ascii_runtime_measurements_tpm_alg_%x",
+ ima_tpm_chip->allocated_banks[i].alg_id);
 else
- sprintf(file_name, "ascii_runtime_measurements_%s",
- hash_algo_name[algo]);
+ snprintf(file_name, sizeof(file_name),
+ "ascii_runtime_measurements_%s",
+ hash_algo_name[algo]);
 dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP, ima_dir, (void *)(uintptr_t)i, &ima_ascii_measurements_ops);
@@ -484,11 +486,13 @@ static int __init create_securityfs_measurement_lists(void)
 return PTR_ERR(dentry);
 if (algo == HASH_ALGO__LAST)
- sprintf(file_name, "binary_runtime_measurements_tpm_alg_%x",
- ima_tpm_chip->allocated_banks[i].alg_id);
+ snprintf(file_name, sizeof(file_name),
+ "binary_runtime_measurements_tpm_alg_%x",
+ ima_tpm_chip->allocated_banks[i].alg_id);
 else
- sprintf(file_name, "binary_runtime_measurements_%s",
- hash_algo_name[algo]);
+ snprintf(file_name, sizeof(file_name),
+ "binary_runtime_measurements_%s",
+ hash_algo_name[algo]);
 dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP, ima_dir, (void *)(uintptr_t)i, &ima_measurements_ops);
--
2.43.0
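Review bot: The return value of all four snprintf() calls (two in this hunk, two in the `binary_runtime_measurements_*` hunk) is discarded, so a name that does not fit would be truncated silently and handed to securityfs_create_file(), where two banks could end up with the same truncated name. If truncation is meant to be impossible, make that explicit with a check such as `if (snprintf(file_name, sizeof(file_name), ...) >= sizeof(file_name)) return -ENAMETOOLONG;`, or add a comment next to the buffer stating why its size always suffices. The declaration of `file_name` is outside both hunks, so it cannot be confirmed from here that it is an array; if it were a pointer, `sizeof(file_name)` would give the pointer size rather than the buffer size. The function body starts before and continues after the lines shown.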

