lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

thermal_debugfs: Avoid sscanf buffer overflow

Browse Source 
Only 19 characters out of total 20 can be used due to the '\0' terminator.

Change-Id: I34883be26f97a16fdcb5ff97ff326d98f4d93c18
Signed-off-by: Alexander Winkowski <dereference23@outlook.com>
This commit is contained in:
Alexander Winkowski 2023-11-19 12:37:24 +00:00 committed by Giovanni Ricca
parent e83c037c23
commit aaf72d0ae8
No known key found for this signature in database
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/thermal/thermal_debugfs.c
View File

@ -27,7 +27,7 @@ static int fetch_cdev(struct thermal_zone_device *tz, char *dev_token,
bool match_found = false;
dev_token = strim(dev_token);
if (sscanf(dev_token, "%20[^ +\n\t]", cdev_name) != 1)
if (sscanf(dev_token, "%19[^ +\n\t]", cdev_name) != 1)
return -EINVAL;
list_for_each_entry(instance, &tz->thermal_instances, tz_node) {
if (!instance->cdev || instance->trip != trip)
@ -41,14 +41,14 @@ static int fetch_cdev(struct thermal_zone_device *tz, char *dev_token,
if (!match_found)
return -ENODEV;
if (upper_lim_token) {
if (sscanf(upper_lim_token, "%20[^ +\n\t]", limit_str) != 1)
if (sscanf(upper_lim_token, "%19[^ +\n\t]", limit_str) != 1)
return -EINVAL;
if (kstrtoul(limit_str, 0, &upper_limit))
return -EINVAL;
instance->upper = upper_limit;
}
if (lower_lim_token) {
if (sscanf(lower_lim_token, "%20[^ +\n\t]", limit_str) != 1)
if (sscanf(lower_lim_token, "%19[^ +\n\t]", limit_str) != 1)
return -EINVAL;
if (kstrtoul(limit_str, 0, &lower_limit))
return -EINVAL;
@ -341,7 +341,7 @@ static ssize_t thermal_dbgfs_config_write(struct file *file,
}
sensor_buf = strnstr(buf, "sensor", count);
if (sensor_buf) {
if (sscanf(sensor_buf, "sensor %20[^\n\t ]",
if (sscanf(sensor_buf, "sensor %19[^\n\t ]",
sensor_name) != 1) {
pr_err("sensor name not found\n");
ret = -EINVAL;