projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 21cf6e5)
kbuild: replace unbounded sprintf call in modpost
authorKees Cook <keescook@chromium.org>
Fri, 25 Oct 2013 13:14:43 +0000 (06:14 -0700)
committerMichal Marek <mmarek@suse.cz>
Wed, 6 Nov 2013 21:30:03 +0000 (22:30 +0100)
The modpost tool could overflow its stack buffer if someone was running
with an insane shell environment. Regardless, it's technically a bug,
so this fixes it to truncate the string instead of seg-faulting.

Found by Coverity.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
scripts/mod/sumversion.c patch | blob | blame | history

diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c
index 9dfcd6d988dacaacebef7b91cd51a024618bfb00..deb2994b04c4952d48300e8c4c38a43cf462828b 100644 (file)
--- a/scripts/mod/sumversion.c
+++ b/scripts/mod/sumversion.c
@@ -416,7 +416,7 @@ void get_src_version(const char *modname, char sum[], unsigned sumlen)
                basename = strrchr(modname, '/') + 1;
        else
                basename = modname;
-       sprintf(filelist, "%s/%.*s.mod", modverdir,
+       snprintf(filelist, sizeof(filelist), "%s/%.*s.mod", modverdir,
                (int) strlen(basename) - 2, basename);
 
        file = grab_file(filelist, &len);