rsi: avoid format string leak to thread name
authorKees Cook <keescook@chromium.org>
Thu, 22 May 2014 18:48:41 +0000 (11:48 -0700)
committerJohn W. Linville <linville@tuxdriver.com>
Thu, 29 May 2014 17:08:10 +0000 (13:08 -0400)
Since the rsi_create_kthread interface does not include any format
string arguments, make sure that the resulting thread name can never
accidentally process the name as a format string.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/rsi/rsi_common.h

index f2f70784d4ade1e3dcccc0d55230385515c4600c..d3fbe33d23244bb37cf287736303365301e2e52e 100644 (file)
@@ -63,7 +63,7 @@ static inline int rsi_create_kthread(struct rsi_common *common,
                                     u8 *name)
 {
        init_completion(&thread->completion);
-       thread->task = kthread_run(func_ptr, common, name);
+       thread->task = kthread_run(func_ptr, common, "%s", name);
        if (IS_ERR(thread->task))
                return (int)PTR_ERR(thread->task);