This makes sure a format string cannot leak into the kobject name that
is constructed. (And splits the >80 character line.)
Signed-off-by: Kees Cook <[email protected]>
---
drivers/of/base.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/of/base.c b/drivers/of/base.c
index 8368d96ae7b4..f27d922eaece 100644
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -227,7 +227,8 @@ static int __of_node_add(struct device_node *np)
np->kobj.kset = of_kset;
if (!np->parent) {
/* Nodes without parents are new top level trees */
- rc = kobject_add(&np->kobj, NULL, safe_name(&of_kset->kobj, "base"));
+ rc = kobject_add(&np->kobj, NULL, "%s",
+ safe_name(&of_kset->kobj, "base"));
} else {
name = safe_name(&np->parent->kobj, kbasename(np->full_name));
if (!name || !name[0])
--
1.7.9.5
--
Kees Cook
Chrome OS Security
On Tue, Jun 10, 2014 at 11:57 AM, Kees Cook <[email protected]> wrote:
> This makes sure a format string cannot leak into the kobject name that
> is constructed. (And splits the >80 character line.)
>
> Signed-off-by: Kees Cook <[email protected]>
Applied.
This seems like a non-obvious thing to do, but I guess most people
aren't dealing directly with kobjects.
Rob
> ---
> drivers/of/base.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/of/base.c b/drivers/of/base.c
> index 8368d96ae7b4..f27d922eaece 100644
> --- a/drivers/of/base.c
> +++ b/drivers/of/base.c
> @@ -227,7 +227,8 @@ static int __of_node_add(struct device_node *np)
> np->kobj.kset = of_kset;
> if (!np->parent) {
> /* Nodes without parents are new top level trees */
> - rc = kobject_add(&np->kobj, NULL, safe_name(&of_kset->kobj, "base"));
> + rc = kobject_add(&np->kobj, NULL, "%s",
> + safe_name(&of_kset->kobj, "base"));
> } else {
> name = safe_name(&np->parent->kobj, kbasename(np->full_name));
> if (!name || !name[0])
> --
> 1.7.9.5
>
>
> --
> Kees Cook
> Chrome OS Security
On Fri, Jun 13, 2014 at 7:55 AM, Rob Herring <[email protected]> wrote:
> On Tue, Jun 10, 2014 at 11:57 AM, Kees Cook <[email protected]> wrote:
>> This makes sure a format string cannot leak into the kobject name that
>> is constructed. (And splits the >80 character line.)
>>
>> Signed-off-by: Kees Cook <[email protected]>
>
> Applied.
>
> This seems like a non-obvious thing to do, but I guess most people
> aren't dealing directly with kobjects.
Yeah, it's really unlikely this could get reached, but I just keep
cleaning this up any time I see them just to be safe. :)
Thanks!
-Kees
--
Kees Cook
Chrome OS Security