kobject: sanitize argument for format string

Unlike kobject_set_name(), the kset_create_and_add() interface does not provide a way to use format strings, so make sure that the interface cannot be abused accidentally. It looks like all current callers use static strings, so there's no existing flaw. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

kobject: sanitize argument for format string
Unlike kobject_set_name(), the kset_create_and_add() interface does not provide a way to use format strings, so make sure that the interface cannot be abused accidentally. It looks like all current callers use static strings, so there's no existing flaw. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kees Cook · Greg Kroah-Hartman
1 parent fc60bb8339
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
lib/kobject.c
@@ -805,7 +805,7 @@
 	kset = kzalloc(sizeof(*kset), GFP_KERNEL);
 	if (!kset)
 		return NULL;
-	retval = kobject_set_name(&kset->kobj, name);
+	retval = kobject_set_name(&kset->kobj, "%s", name);
 	if (retval) {
 		kfree(kset);
 		return NULL;
...	...	@@ -805,7 +805,7 @@
805	805	kset = kzalloc(sizeof(*kset), GFP_KERNEL);
806	806	if (!kset)
807	807	return NULL;
808		- retval = kobject_set_name(&kset->kobj, name);
	808	+ retval = kobject_set_name(&kset->kobj, "%s", name);
809	809	if (retval) {
810	810	kfree(kset);
811	811	return NULL;