ACK/Cmnt: [SRU][F:linux-bluefield][PATCH v2 0/1] UBUNTU: SAUCE: Fix references to sprintf that may cause buffer overflow
Jitendra Lanka
jlanka at nvidia.com
Thu Jan 27 18:37:16 UTC 2022
Apologies for not including this in the cover letter.
v1--> v2:
Updated the if condition to check if the resulting buf size is less or equal to PAGE_SIZE to offset for the \0 required for string operations.
-Jitendra
-----Original Message-----
From: Tim Gardner <tim.gardner at canonical.com>
Sent: Thursday, January 27, 2022 12:17 PM
To: Jitendra Lanka <jlanka at nvidia.com>; kernel-team at lists.ubuntu.com
Cc: Meriton Tuli <meriton at nvidia.com>; Khoa Vo <khoav at nvidia.com>
Subject: ACK/Cmnt: [SRU][F:linux-bluefield][PATCH v2 0/1] UBUNTU: SAUCE: Fix references to sprintf that may cause buffer overflow
External email: Use caution opening links or attachments
Acked-by: Tim Gardner <tim.gardner at canonical.com>
It is customary to describe the differences from v1 -- >v2, etc.
On 1/27/22 9:16 AM, Jitendra Lanka wrote:
> BugLink: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.launchpad.net%2Fbugs%2F1959119&data=04%7C01%7Cjlanka%40nvidia.com%7C3f5478df773e4dd01bb308d9e1c12bee%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C637789042059997126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=hSG2XMBDpmgPvbSZkJQZv6%2F9tBluc6OM7wXYf62Uf7Q%3D&reserved=0
>
> SRU Justification:
>
> [Impact]
> Fix references to sprintf that have a possibility for buffer overflow
>
> [Fix]
> Replace sprintf with snprintf containing a defined boundary of PAGE_SIZE for sysfs store/show functions and max array size defined otherwise.
>
> [Test Case]
> Existing testcases should work as is as no functional change has been introduced by this patch.
>
> [Regression Potential]
> Regression potential can be considered minimal since the patch does not change any function of the driver other than limiting the upper bound of sprintf where the usual lengths parsed are < PAGE_SIZE and requests > PAGE_SIZE are limited.
>
>
> Jitendra Lanka (1):
> Fix references to sprintf that may cause buffer overflow
>
> drivers/platform/mellanox/mlxbf-pmc.c | 17 ++++++++++-------
> 1 file changed, 10 insertions(+), 7 deletions(-)
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list