wok-current diff linux/stuff/linux-usbip-fix-format-overflow-gcc8.patch @ rev 25629

Mass updates for current
author: Stanislas Leduc <shann@slitaz.org>
date: Wed Oct 11 18:45:46 2023 +0000 (9 months ago)
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/linux/stuff/linux-usbip-fix-format-overflow-gcc8.patch	Wed Oct 11 18:45:46 2023 +0000
     1.3 @@ -0,0 +1,103 @@
     1.4 +Upstream commit e5dfa3f902b9 ("usbip: Fix potential format overflow in
     1.5 +userspace tools")
     1.6 +
     1.7 +
     1.8 +The usbip userspace tools call sprintf()/snprintf() and don't check for
     1.9 +the return value which can lead the paths to overflow, truncating the
    1.10 +final file in the path.
    1.11 +
    1.12 +More urgently, GCC 7 now warns that these aren't checked with
    1.13 +-Wformat-overflow, and with -Werror enabled in configure.ac, that makes
    1.14 +these tools unbuildable.
    1.15 +
    1.16 +This patch fixes these problems by replacing sprintf() with snprintf() in
    1.17 +one place and adding checks for the return value of snprintf().
    1.18 +
    1.19 +Reviewed-by: Peter Senna Tschudin <peter.se...@gmail.com>
    1.20 +Signed-off-by: Jonathan Dieter <jdie...@lesbg.com>
    1.21 +Acked-by: Shuah Khan <shua...@osg.samsung.com>
    1.22 +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
    1.23 +Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
    1.24 +
    1.25 +diff --git a/tools/usb/usbip/libsrc/usbip_common.c b/tools/usb/usbip/libsrc/usbip_common.c
    1.26 +index ac73710..01dd4b2 100644
    1.27 +--- a/drivers/staging/usbip/userspace/libsrc/usbip_common.c
    1.28 ++++ b/drivers/staging/usbip/userspace/libsrc/usbip_common.c
    1.29 +@@ -215,9 +215,16 @@
    1.30 + 		       struct usbip_usb_interface *uinf)
    1.31 + {
    1.32 + 	char busid[SYSFS_BUS_ID_SIZE];
    1.33 ++	int size;
    1.34 + 	struct udev_device *sif;
    1.35 + 
    1.36 +-	sprintf(busid, "%s:%d.%d", udev->busid, udev->bConfigurationValue, i);
    1.37 ++	size = snprintf(busid, sizeof(busid), "%s:%d.%d",
    1.38 ++	udev->busid, udev->bConfigurationValue, i);
    1.39 ++	if (size < 0 || (unsigned int)size >= sizeof(busid)) {
    1.40 ++		err("busid length %i >= %lu or < 0", size,
    1.41 ++		(unsigned long)sizeof(busid));
    1.42 ++		return -1;
    1.43 ++	}
    1.44 + 
    1.45 + 	sif = udev_device_new_from_subsystem_sysname(udev_context, "usb", busid);
    1.46 + 	if (!sif) {
    1.47 +diff --git a/drivers/staging/usbip/userspace/libsrc/usbip_host_driver.c 
    1.48 +b/drivers/staging/usbip/userspace/libsrc/usbip_host_driver.c
    1.49 +index 9d415228883d..c10379439668 100644
    1.50 +--- a/drivers/staging/usbip/userspace/libsrc/usbip_host_driver.c
    1.51 ++++ b/drivers/staging/usbip/userspace/libsrc/usbip_host_driver.c
    1.52 +@@ -39,13 +39,19 @@
    1.53 + static int32_t read_attr_usbip_status(struct usbip_usb_device *udev)
    1.54 + {
    1.55 + 	char status_attr_path[SYSFS_PATH_MAX];
    1.56 ++	int size;
    1.57 + 	int fd;
    1.58 + 	int length;
    1.59 + 	char status;
    1.60 + 	int value = 0;
    1.61 + 
    1.62 +-	snprintf(status_attr_path, SYSFS_PATH_MAX, "%s/usbip_status",
    1.63 +-		 udev->path);
    1.64 ++	size = snprintf(status_attr_path, sizeof(status_attr_path),
    1.65 ++		"%s/usbip_status", udev->path);
    1.66 ++	if (size < 0 || (unsigned int)size >= sizeof(status_attr_path)) {
    1.67 ++		err("usbip_status path length %i >= %lu or < 0", size,
    1.68 ++		(unsigned long)sizeof(status_attr_path));
    1.69 ++		return -1;
    1.70 ++	}
    1.71 + 
    1.72 + 	if ((fd = open(status_attr_path, O_RDONLY)) < 0) {
    1.73 + 		err("error opening attribute %s", status_attr_path);
    1.74 +@@ -224,6 +230,7 @@
    1.75 + {
    1.76 + 	char attr_name[] = "usbip_sockfd";
    1.77 + 	char sockfd_attr_path[SYSFS_PATH_MAX];
    1.78 ++	int size;
    1.79 + 	char sockfd_buff[30];
    1.80 + 	int ret;
    1.81 + 
    1.82 +@@ -244,10 +251,20 @@
    1.83 + 	}
    1.84 + 
    1.85 + 	/* only the first interface is true */
    1.86 +-	snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s",
    1.87 ++	size = snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s",
    1.88 + 		 edev->udev.path, attr_name);
    1.89 ++	if (size < 0 || (unsigned int)size >= sizeof(sockfd_attr_path)) {
    1.90 ++		err("exported device path length %i >= %lu or < 0", size,
    1.91 ++		(unsigned long)sizeof(sockfd_attr_path));
    1.92 ++		return -1;
    1.93 ++	}
    1.94 + 
    1.95 +-	snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd);
    1.96 ++	size = snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd);
    1.97 ++	if (size < 0 || (unsigned int)size >= sizeof(sockfd_buff)) {
    1.98 ++		err("socket length %i >= %lu or < 0", size,
    1.99 ++		(unsigned long)sizeof(sockfd_buff));
   1.100 ++		return -1;
   1.101 ++	}
   1.102 + 
   1.103 + 	ret = write_sysfs_attribute(sockfd_attr_path, sockfd_buff,
   1.104 + 				    strlen(sockfd_buff));
   1.105 +-- 
   1.106 +2.14.1
author	Stanislas Leduc <shann@slitaz.org>
date	Wed Oct 11 18:45:46 2023 +0000 (9 months ago)
parents
children