kbuild: replace unbounded sprintf call in modpost (849464d1) · Commits · e / devices / android_kernel_samsung_universal8895

The modpost tool could overflow its stack buffer if someone was running with an insane shell environment. Regardless, it's technically a bug, so this fixes it to truncate the string instead of seg-faulting. Found by Coverity. Signed-off-by:

Kees Cook <keescook@chromium.org> Signed-off-by:

Michal Marek <mmarek@suse.cz>

scripts/mod/sumversion.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -416,7 +416,7 @@ void get_src_version(const char *modname, char sum[], unsigned sumlen)
	basename = strrchr(modname, '/') + 1;		basename = strrchr(modname, '/') + 1;
	else		else
	basename = modname;		basename = modname;
	sprintf(filelist, "%s/%.*s.mod", modverdir,		snprintf(filelist, sizeof(filelist), "%s/%.*s.mod", modverdir,
	(int) strlen(basename) - 2, basename);		(int) strlen(basename) - 2, basename);

	file = grab_file(filelist, &len);		file = grab_file(filelist, &len);