[PATCH] rsi: avoid format string leak to thread name

From: Kees Cook
Date: Thu May 22 2014 - 14:49:15 EST

Next message: Fabian Frederick: "Re: [PATCH 1/1] drivers/scsi/tmscsim.c: replace shift loop by ilog2"
Previous message: Paul Zimmerman: "RE: [PATCH] DWC2: intializes the spin_lock earlier in the probe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Since the rsi_create_kthread interface does not include any format
string arguments, make sure that the resulting thread name can never
accidentally process the name as a format string.

Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
drivers/net/wireless/rsi/rsi_common.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/rsi/rsi_common.h b/drivers/net/wireless/rsi/rsi_common.h
index f2f70784d4ad..d3fbe33d2324 100644
--- a/drivers/net/wireless/rsi/rsi_common.h
+++ b/drivers/net/wireless/rsi/rsi_common.h
@@ -63,7 +63,7 @@ static inline int rsi_create_kthread(struct rsi_common *common,
u8 *name)
{
init_completion(&thread->completion);
- thread->task = kthread_run(func_ptr, common, name);
+ thread->task = kthread_run(func_ptr, common, "%s", name);
if (IS_ERR(thread->task))
return (int)PTR_ERR(thread->task);

--
1.7.9.5

--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Fabian Frederick: "Re: [PATCH 1/1] drivers/scsi/tmscsim.c: replace shift loop by ilog2"
Previous message: Paul Zimmerman: "RE: [PATCH] DWC2: intializes the spin_lock earlier in the probe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]