[PATCH] scsi_dh: avoid allowing dh_state to pass format specs when requesting a module

From: Sasha Levin
Date: Wed Sep 23 2015 - 21:08:55 EST

Next message: Davidlohr Bueso: "[PATCH v2] locking/rwsem: Use acquire/release semantics"
Previous message: Davidlohr Bueso: "[PATCH v2] locking/rtmutex: Use acquire/release semantics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A malicious string passed from userspace might contain format specifiers which
request_module() might try to handle, which is bad.

Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx>
---
drivers/scsi/scsi_dh.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_dh.c b/drivers/scsi/scsi_dh.c
index edb044a..24be260 100644
--- a/drivers/scsi/scsi_dh.c
+++ b/drivers/scsi/scsi_dh.c
@@ -111,7 +111,7 @@ static struct scsi_device_handler *scsi_dh_lookup(const char *name)

dh = __scsi_dh_lookup(name);
if (!dh) {
- request_module(name);
+ request_module("%s", name);
dh = __scsi_dh_lookup(name);
}

--
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Davidlohr Bueso: "[PATCH v2] locking/rwsem: Use acquire/release semantics"
Previous message: Davidlohr Bueso: "[PATCH v2] locking/rtmutex: Use acquire/release semantics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]