admin/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-07 20:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

mmc: core: use sysfs_emit() instead of sprintf()

Browse Source 
sprintf() (still used in the MMC core for the sysfs output) is vulnerable
to the buffer overflow.  Use the new-fangled sysfs_emit() instead.

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.

Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/717729b2-d65b-c72e-9fac-471d28d00b5a@omp.ru
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
This commit is contained in:
Sergey Shtylyov
2022-02-08 15:02:15 +03:00
committed by Ulf Hansson
parent 75a2f412d0
commit f5d8a5fe77
6 changed files with 33 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
drivers/mmc/core/sd.c
View File

@@ -13,6 +13,7 @@
#include <linux/stat.h>
#include <linux/pm_runtime.h>
#include <linux/scatterlist.h>
#include <linux/sysfs.h>
#include <linux/mmc/host.h>
#include <linux/mmc/card.h>
@@ -708,18 +709,16 @@ MMC_DEV_ATTR(ocr, "0x%08x\n", card->ocr);
MMC_DEV_ATTR(rca, "0x%04x\n", card->rca);
static ssize_t mmc_dsr_show(struct device *dev,
struct device_attribute *attr,
char *buf)
static ssize_t mmc_dsr_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
struct mmc_card *card = mmc_dev_to_card(dev);
struct mmc_host *host = card->host;
struct mmc_card *card = mmc_dev_to_card(dev);
struct mmc_host *host = card->host;
if (card->csd.dsr_imp && host->dsr_req)
return sprintf(buf, "0x%x\n", host->dsr);
else
/* return default DSR value */
return sprintf(buf, "0x%x\n", 0x404);
if (card->csd.dsr_imp && host->dsr_req)
return sysfs_emit(buf, "0x%x\n", host->dsr);
/* return default DSR value */
return sysfs_emit(buf, "0x%x\n", 0x404);
}
static DEVICE_ATTR(dsr, S_IRUGO, mmc_dsr_show, NULL);
@@ -735,9 +734,9 @@ static ssize_t info##num##_show(struct device *dev, struct device_attribute *att
\
if (num > card->num_info) \
return -ENODATA; \
if (!card->info[num-1][0]) \
if (!card->info[num - 1][0]) \
return 0; \
return sprintf(buf, "%s\n", card->info[num-1]); \
return sysfs_emit(buf, "%s\n", card->info[num - 1]); \
} \
static DEVICE_ATTR_RO(info##num)