diff options
| author | Kees Cook <keescook@chromium.org> | 2013-10-25 09:14:43 -0400 |
|---|---|---|
| committer | Michal Marek <mmarek@suse.cz> | 2013-11-06 16:30:03 -0500 |
| commit | 849464d1ba97a13b388fee9a69fbbeee175b349c (patch) | |
| tree | 155fa37c210749cb9e17304213d5648a4403bd7b /scripts/mod | |
| parent | 21cf6e584ce35b79374581e6344dd7c74f8b4a2b (diff) | |
kbuild: replace unbounded sprintf call in modpost
The modpost tool could overflow its stack buffer if someone was running
with an insane shell environment. Regardless, it's technically a bug,
so this fixes it to truncate the string instead of seg-faulting.
Found by Coverity.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Diffstat (limited to 'scripts/mod')
| -rw-r--r-- | scripts/mod/sumversion.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c index 9dfcd6d988da..deb2994b04c4 100644 --- a/scripts/mod/sumversion.c +++ b/scripts/mod/sumversion.c | |||
| @@ -416,7 +416,7 @@ void get_src_version(const char *modname, char sum[], unsigned sumlen) | |||
| 416 | basename = strrchr(modname, '/') + 1; | 416 | basename = strrchr(modname, '/') + 1; |
| 417 | else | 417 | else |
| 418 | basename = modname; | 418 | basename = modname; |
| 419 | sprintf(filelist, "%s/%.*s.mod", modverdir, | 419 | snprintf(filelist, sizeof(filelist), "%s/%.*s.mod", modverdir, |
| 420 | (int) strlen(basename) - 2, basename); | 420 | (int) strlen(basename) - 2, basename); |
| 421 | 421 | ||
| 422 | file = grab_file(filelist, &len); | 422 | file = grab_file(filelist, &len); |