Re: [PATCH 01/27] modpost: use snprintf() instead of sprintf() for safety
From: Nick Desaulniers
Date: Mon Apr 25 2022 - 14:11:37 EST
On Sun, Apr 24, 2022 at 12:09 PM Masahiro Yamada <masahiroy@xxxxxxxxxx> wrote:
>
> Use snprintf() to avoid the potential buffer overflow, and also
> check the return value to detect the too long path.
>
> Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx>
Thanks for the patch!
Reviewed-by: Nick Desaulniers <ndesaulniers@xxxxxxxxxx>
> ---
>
> scripts/mod/modpost.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> index 522d5249d196..141370ebbfd3 100644
> --- a/scripts/mod/modpost.c
> +++ b/scripts/mod/modpost.c
> @@ -2560,6 +2560,7 @@ int main(int argc, char **argv)
>
> for (mod = modules; mod; mod = mod->next) {
> char fname[PATH_MAX];
> + int ret;
>
> if (mod->is_vmlinux || mod->from_dump)
> continue;
> @@ -2578,7 +2579,12 @@ int main(int argc, char **argv)
> add_moddevtable(&buf, mod);
> add_srcversion(&buf, mod);
>
> - sprintf(fname, "%s.mod.c", mod->name);
> + ret = snprintf(fname, sizeof(fname), "%s.mod.c", mod->name);
> + if (ret >= sizeof(fname)) {
> + error("%s: too long path was truncated\n", fname);
> + continue;
> + }
> +
> write_if_changed(&buf, fname);
> }
>
> --
> 2.32.0
>
--
Thanks,
~Nick Desaulniers