bsr: avoid format string leaking into device name
authorKees Cook <keescook@chromium.org>
Tue, 10 Jun 2014 17:51:08 +0000 (10:51 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 9 Jul 2014 23:59:15 +0000 (16:59 -0700)
This makes sure a format string cannot accidentally leak into a device name.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/char/bsr.c

index 8fedbc250414164ca0027af5afd5db2ab02b02ac..a6cef548e01e05d7f89436a9797a831858b60729 100644 (file)
@@ -259,7 +259,7 @@ static int bsr_add_node(struct device_node *bn)
                }
 
                cur->bsr_device = device_create(bsr_class, NULL, cur->bsr_dev,
-                                               cur, cur->bsr_name);
+                                               cur, "%s", cur->bsr_name);
                if (IS_ERR(cur->bsr_device)) {
                        printk(KERN_ERR "device_create failed for %s\n",
                               cur->bsr_name);