[PATCH] kernel/cpu: fix: use scnprintf or sprintf.
From: YANG LI
Date: Tue Dec 22 2020 - 04:12:44 EST
The snprintf() function returns the number of characters which would
have been printed if there were enough space, but the scnprintf()
returns the number of characters which were actually printed. If the
buffer is not large enough, then using snprintf() would result in a
read overflow and an information leak.
Signed-off-by: YANG LI <abaci-bugfix@xxxxxxxxxxxxxxxxx>
Reported-by: Abaci <abaci@xxxxxxxxxxxxxxxxx>
---
kernel/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/cpu.c b/kernel/cpu.c
index 4e11e91..c123741 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2345,7 +2345,7 @@ static ssize_t show_cpuhp_states(struct device *dev,
{
const char *state = smt_states[cpu_smt_control];
- return snprintf(buf, PAGE_SIZE - 2, "%s\n", state);
+ return scnprintf(buf, PAGE_SIZE - 2, "%s\n", state);
}
static ssize_t
--
1.8.3.1