On Sun, Jun 08, 2014 at 11:51:43PM +0100, Ben Hutchings wrote:
> snprintf() returns the number of bytes that could have been written
> (excluding the null), not the actual number of bytes written. Given a
> long enough subsystem or device name, these functions will advance
> beyond the end of the on-stack buffer in dev_vprintk_exit(), resulting
> in an information leak or stack corruption. I don't know whether such
> a long name is currently possible.
>
> In case snprintf() returns a value >= the buffer size, do not add
> structured logging information. Also WARN if this happens, so we can
> fix the driver or increase the buffer size.
>
> Signed-off-by: Ben Hutchings <[email protected]>
> ---
> v2: use dev_WARN() not dev_WARN_ON()
This patch breaks the build in a huge way:
drivers/base/core.c: In function ‘create_syslog_header’:
drivers/base/core.c:2049:16: error: expected ‘)’ before numeric constant
dev_WARN(dev, 1, "device/subsystem name too long");
^
is the start of it, it goes on for a page or so after that :(
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
