Re: [PATCH v3] ipr: fix out-of-bounds null overwrite

From: Martin K. Petersen
Date: Thu Jan 07 2016 - 21:52:38 EST


>>>>> "Insu" == Insu Yun <wuninsu@xxxxxxxxx> writes:

Insu> Return value of snprintf is not bound by size value, 2nd argument.
Insu> (https://www.kernel.org/doc/htmldocs/kernel-api/API-snprintf.html).
Insu> Return value is number of printed chars, can be larger than 2nd
Insu> argument. Therefore, it can write null byte out of bounds
Insu> of buffer. Since snprintf puts null, it does not need to put
Insu> additional null byte.

Applied to 4.5/scsi-queue.

--
Martin K. Petersen Oracle Linux Engineering
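
The snprintf return-value behaviour described in the quoted commit message, shown as an added userspace example (not code from this thread or from the ipr driver). The names `demo_buf`, `terminator_index` and `bounded_printf` are hypothetical; `bounded_printf` is a stand-in written here with the semantics of the kernel's scnprintf().

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static char demo_buf[8];	/* constructed sample buffer */

/* Index where the pattern "len = snprintf(buf, size, ...); buf[len] = 0"
 * would store its extra null byte. Nothing is written at that index here;
 * the function only reports it. */
static size_t terminator_index(char *buf, size_t size, const char *s)
{
	int len = snprintf(buf, size, "%s", s);

	return len < 0 ? 0 : (size_t)len;
}

/* Assumed helper: returns the number of characters actually stored,
 * excluding the terminating null, so the result is always < size. */
static size_t bounded_printf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (size == 0)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0) {
		buf[0] = '\0';
		return 0;
	}
	return (size_t)n >= size ? size - 1 : (size_t)n;
}

int main(void)
{
	const char *input = "0123456789ABCDEF";	/* constructed, 16 chars */
	size_t idx = terminator_index(demo_buf, sizeof(demo_buf), input);

	printf("snprintf returned %zu for a %zu-byte buffer\n", idx, sizeof(demo_buf));
	printf("stored \"%s\", already null-terminated\n", demo_buf);
	idx = bounded_printf(demo_buf, sizeof(demo_buf), "%s", input);
	printf("bounded length %zu stays inside the buffer\n", idx);
	return 0;
}
```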