[PATCH] net/9p: fix format string in p9_mount_tag_show()

From: Andrey Ryabinin
Date: Mon Jan 26 2015 - 11:48:35 EST

Next message: Lars-Peter Clausen: "Re: [alsa-devel] [PATCH v2 1/3] ASoC: codecs: wm8904: add dt ids table"
Previous message: Andreas FÃrber: "[PATCH] pinctrl: zynq: Fix usb0 pins"
Next in thread: Andrey Ryabinin: "Re: [PATCH] net/9p: fix format string in p9_mount_tag_show()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Using "%s" for non-NULL terminated string is quite
dangerous, since this causes reading out of bounds.
chan->tag is non-NULL terminated, so precision
must be specified for printing it.

Fixes: 86c8437383ac ("net/9p: Add sysfs mount_tag file for virtio 9P device")
Signed-off-by: Andrey Ryabinin <a.ryabinin@xxxxxxxxxxx>
---
net/9p/trans_virtio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index daa749c..f0d5f90 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -504,7 +504,8 @@ static ssize_t p9_mount_tag_show(struct device *dev,
vdev = dev_to_virtio(dev);
chan = vdev->priv;

- return snprintf(buf, chan->tag_len + 1, "%s", chan->tag);
+ return snprintf(buf, chan->tag_len + 1, "%.*s",
+ chan->tag_len, chan->tag);
}

static DEVICE_ATTR(mount_tag, 0444, p9_mount_tag_show, NULL);
--
2.2.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lars-Peter Clausen: "Re: [alsa-devel] [PATCH v2 1/3] ASoC: codecs: wm8904: add dt ids table"
Previous message: Andreas FÃrber: "[PATCH] pinctrl: zynq: Fix usb0 pins"
Next in thread: Andrey Ryabinin: "Re: [PATCH] net/9p: fix format string in p9_mount_tag_show()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]