[ndctl,3/4] libndctl: fix a couple of theoretical buffer overruns

Message ID 20190202015253.20051-3-vishal.l.verma@intel.com (mailing list archive)
State New, archived
Series [ndctl,1/4] ndctl, keys: fix a memory leak in dimm_create_key()

Commit Message

Verma, Vishal L Feb. 2, 2019, 1:52 a.m. UTC
Static analysis reports that the ndctl_dimm_get_security() function can
overflow 'buf'. Just above it, ndctl_dimm_get_available_labels() seems
to make the same mistake. Fix both of these by allocating a buffer of
the correct size.

Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
---
 ndctl/lib/dimm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Dan Williams Feb. 2, 2019, 1:59 a.m. UTC | #1
On Fri, Feb 1, 2019 at 5:53 PM Vishal Verma <vishal.l.verma@intel.com> wrote:
>
> Static analysis reports that the ndctl_dimm_get_security() function can
> overflow 'buf'. Just above it, ndctl_dimm_get_available_labels() seems
> to make the same mistake. Fix both of these by allocating a buffer of
> the correct size.
>
> Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>

Looks good,

Reviewed-by: Dan Williams <dan.j.williams@intel.com>

Patch

diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c
index 0a4ca79..22cf4e1 100644
--- a/ndctl/lib/dimm.c
+++ b/ndctl/lib/dimm.c
@@ -582,7 +582,7 @@  NDCTL_EXPORT unsigned long ndctl_dimm_get_available_labels(
 	struct ndctl_ctx *ctx = ndctl_dimm_get_ctx(dimm);
 	char *path = dimm->dimm_buf;
 	int rc, len = dimm->buf_len;
-	char buf[20];
+	char buf[SYSFS_ATTR_SIZE];
 
 	if (snprintf(path, len, "%s/available_slots", dimm->dimm_path) >= len) {
 		err(ctx, "%s: buffer too small!\n",
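Review bot: the new `char buf[SYSFS_ATTR_SIZE];` in ndctl_dimm_get_available_labels() is sized by convention only. Nothing in this hunk ties the array length to the number of bytes the reader that fills buf may write, and that call is not visible here. The commit message says "the correct size" without naming the helper or stating that its bound is SYSFS_ATTR_SIZE; adding that, plus a one-line comment on the declaration, would keep a later edit from shrinking it back to an ad hoc value like the old 20. The path buffer just below is already checked with `snprintf(...) >= len`; a follow-up that gives the attribute reader an explicit length argument would give buf the same kind of check.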
@@ -605,8 +605,8 @@  NDCTL_EXPORT enum ndctl_security_state ndctl_dimm_get_security(
 {
 	struct ndctl_ctx *ctx = ndctl_dimm_get_ctx(dimm);
 	char *path = dimm->dimm_buf;
+	char buf[SYSFS_ATTR_SIZE];
 	int len = dimm->buf_len;
-	char buf[64];
 	int rc;
 
 	if (snprintf(path, len, "%s/security", dimm->dimm_path) >= len) {
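Review bot: in ndctl_dimm_get_security() the `char buf[SYSFS_ATTR_SIZE];` line is both resized and moved above `int len`, while the same declaration in ndctl_dimm_get_available_labels() was changed in place. If the move is only for declaration ordering, say so in the commit message or leave the line where it was, so the diff shows just the size change. The two old sizes also differed (20 and 64), which suggests they were picked by hand at each call site; it is worth checking the rest of ndctl/lib/dimm.c for other fixed-size local buffers handed to the same reader and converting them in this patch.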