Message ID | 20140311202446.GA24531@www.outflux.net |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
On Tue, Mar 11, 2014 at 01:24:46PM -0700, Kees Cook wrote: > Since unaligned_panic() takes a literal string, make sure it can never > accidentally be used as a format string. > > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > arch/sparc/kernel/unaligned_32.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/sparc/kernel/unaligned_32.c b/arch/sparc/kernel/unaligned_32.c > index c0ec89786193..892e399414e0 100644 > --- a/arch/sparc/kernel/unaligned_32.c > +++ b/arch/sparc/kernel/unaligned_32.c > @@ -162,7 +162,7 @@ unsigned long safe_compute_effective_address(struct pt_regs *regs, > /* This is just to make gcc think panic does return... */ > static void unaligned_panic(char *str) > { > - panic(str); > + panic("%s", str); > } > > /* una_asm.S */ Another "fix" would be to align with sparc64 and call die_if_kernel() Sam -- To unsubscribe from this list: send the line "unsubscribe sparclinux" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Sam Ravnborg <sam@ravnborg.org> Date: Sat, 15 Mar 2014 09:07:09 +0100 > On Tue, Mar 11, 2014 at 01:24:46PM -0700, Kees Cook wrote: >> Since unaligned_panic() takes a literal string, make sure it can never >> accidentally be used as a format string. >> >> Signed-off-by: Kees Cook <keescook@chromium.org> >> --- >> arch/sparc/kernel/unaligned_32.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/arch/sparc/kernel/unaligned_32.c b/arch/sparc/kernel/unaligned_32.c >> index c0ec89786193..892e399414e0 100644 >> --- a/arch/sparc/kernel/unaligned_32.c >> +++ b/arch/sparc/kernel/unaligned_32.c >> @@ -162,7 +162,7 @@ unsigned long safe_compute_effective_address(struct pt_regs *regs, >> /* This is just to make gcc think panic does return... */ >> static void unaligned_panic(char *str) >> { >> - panic(str); >> + panic("%s", str); >> } >> >> /* una_asm.S */ > > Another "fix" would be to align with sparc64 and call die_if_kernel() Furthermore, this is a silly change because there are only two call sites, they are both in this file, and they clearly do not pass format strings embedded in the string.
diff --git a/arch/sparc/kernel/unaligned_32.c b/arch/sparc/kernel/unaligned_32.c index c0ec89786193..892e399414e0 100644 --- a/arch/sparc/kernel/unaligned_32.c +++ b/arch/sparc/kernel/unaligned_32.c @@ -162,7 +162,7 @@ unsigned long safe_compute_effective_address(struct pt_regs *regs, /* This is just to make gcc think panic does return... */ static void unaligned_panic(char *str) { - panic(str); + panic("%s", str); } /* una_asm.S */
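Review bot: the parameter in `static void unaligned_panic(char *str)` should become `const char *str`, since with `panic("%s", str);` the string is only read as a `%s` argument and the commit message says the function takes a literal string. The `"%s"` form itself is the right hardening: the wrapper's argument is no longer interpreted as a format, so a `%` in any string passed later is printed rather than parsed as a conversion. The context comment `/* This is just to make gcc think panic does return... */` describes the wrapper's purpose but not this constraint; a short mention that `str` is printed verbatim would keep the intent visible to whoever adds a call site.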
Since unaligned_panic() takes a literal string, make sure it can never accidentally be used as a format string. Signed-off-by: Kees Cook <keescook@chromium.org> --- arch/sparc/kernel/unaligned_32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)