From: Tuomas Tynkkynen
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+6693adf1698864d21734@syzkaller.appspotmail.com, Tuomas Tynkkynen, stable@kernel.org
Subject: [PATCH] mac80211_hwsim: Use kstrndup() in place of kasprintf()
Date: Fri, 10 Apr 2020 15:32:57 +0300
Message-Id: <20200410123257.14559-1-tuomas.tynkkynen@iki.fi>

syzbot reports a warning:

precision 33020 too large
WARNING: CPU: 0 PID: 9618 at lib/vsprintf.c:2471 set_precision+0x150/0x180 lib/vsprintf.c:2471
 vsnprintf+0xa7b/0x19a0 lib/vsprintf.c:2547
 kvasprintf+0xb2/0x170 lib/kasprintf.c:22
 kasprintf+0xbb/0xf0 lib/kasprintf.c:59
 hwsim_del_radio_nl+0x63a/0x7e0 drivers/net/wireless/mac80211_hwsim.c:3625
 genl_family_rcv_msg_doit net/netlink/genetlink.c:672 [inline]
 ...
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Thus it seems that kasprintf() with "%.*s" format can not be used for
duplicating a string with arbitrary length. Replace it with kstrndup().

Reported-by: syzbot+6693adf1698864d21734@syzkaller.appspotmail.com
Cc: stable@kernel.org
Signed-off-by: Tuomas Tynkkynen --- Compile tested only. --- drivers/net/wireless/mac80211_hwsim.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index 7fe8207db6ae..7c4b7c31d07a 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3669,9 +3669,9 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info) } if (info->attrs[HWSIM_ATTR_RADIO_NAME]) { - hwname = kasprintf(GFP_KERNEL, "%.*s", - nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), - (char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME])); + hwname = kstrndup((char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME]), + nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), + GFP_KERNEL); if (!hwname) return -ENOMEM; param.hwname = hwname; @@ -3691,9 +3691,9 @@ static int hwsim_del_radio_nl(struct sk_buff *msg, struct genl_info *info) if (info->attrs[HWSIM_ATTR_RADIO_ID]) { idx = nla_get_u32(info->attrs[HWSIM_ATTR_RADIO_ID]); } else if (info->attrs[HWSIM_ATTR_RADIO_NAME]) { - hwname = kasprintf(GFP_KERNEL, "%.*s", - nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), - (char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME])); + hwname = kstrndup((char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME]), + nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), + GFP_KERNEL); if (!hwname) return -ENOMEM; } else -- 2.17.1
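
Review bot: In the hwsim_new_radio_nl hunk, the (char *) cast on nla_data() is not needed with kstrndup(). nla_data() returns void *, which converts implicitly to the const char * that kstrndup() takes, so the first added line can be shortened to kstrndup(nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME]), with the length and GFP_KERNEL arguments unchanged. The cast was only required before because the pointer went through the variadic "%.*s" argument list.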
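
Review bot: In the hwsim_del_radio_nl hunk, nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]) is still passed through unchecked, now as the max argument of kstrndup(), so the size of the copy is whatever length the sender put in the attribute (33020 in the syzbot report). Nothing in the visible lines bounds it. If radio names have a sensible maximum, a length check that returns -EINVAL ahead of the kstrndup() would make the limit explicit instead of relying on the allocator, and the same check would apply to the identical call in hwsim_new_radio_nl. Since the patch is marked compile tested only and this is the function in the reported trace, it is worth confirming with the syzbot reproducer that the warning is gone and that deleting a radio by name still matches.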