[PATCH] kbuild: replace unbounded sprintf call in modpost

From: Kees Cook
Date: Fri Oct 25 2013 - 09:14:54 EST

The modpost tool could overflow its stack buffer if someone was running
with an insane shell environment. Regardless, it's technically a bug,
so this fixes it to truncate the string instead of seg-faulting.

Found by Coverity.

Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
scripts/mod/sumversion.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c
index 9dfcd6d988da..deb2994b04c4 100644
--- a/scripts/mod/sumversion.c
+++ b/scripts/mod/sumversion.c
@@ -416,7 +416,7 @@ void get_src_version(const char *modname, char sum[], unsigned sumlen)
basename = strrchr(modname, '/') + 1;
basename = modname;
- sprintf(filelist, "%s/%.*s.mod", modverdir,
+ snprintf(filelist, sizeof(filelist), "%s/%.*s.mod", modverdir,
(int) strlen(basename) - 2, basename);

file = grab_file(filelist, &len);

Kees Cook
Chrome OS Security
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/