[PATCH v2] ipr: fix out-of-bounds null overwrite

2016-01-06 Thread Insu Yun
Return value of snprintf is not bound by size value, 2nd argument. (https://www.kernel.org/doc/htmldocs/kernel-api/API-snprintf.html). Return value is number of printed chars, can be larger than 2nd argument. Therefore, it can write null byte out of bounds of buffer. Since snprintf puts null, it

Re: [PATCH v2] ipr: fix out-of-bounds null overwrite

2016-01-06 Thread Matthew R. Ochs
On Jan 6, 2016, at 7:53 AM, Insu Yun wrote:
>
> Return value of snprintf is not bound by size value, 2nd argument.
> (https://www.kernel.org/doc/htmldocs/kernel-api/API-snprintf.html).
> Return value is number of printed chars, can be larger than 2nd argument.
> Therefore, it