mlx-bootctl: Fix potential buffer overflow
Bug #1931981 reported by Shravan Kumar Ramani
This bug report is a duplicate of:
Bug #1931843: Update mlx-bootctl to access new fields in EEPROM MFG.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux-bluefield (Ubuntu) | New | Undecided | Unassigned |
Bug Description
SRU Justification:
[Impact]
The sysfs store/show functions use sprintf without specifying a size, which could lead to a potential buffer overflow.
[Fix]
Replace sprintf with snprintf to avoid buffer overflow. Also, remove the redundant strlen usage since count is already available in the _store functions.
[Test Plan]
Read/write access to the EEPROM MFG fields can be tested via the sysfs entries that are exposed by the driver. Please note that the MFG partition is locked in order to protect the data and this could block all writes to it. In order to enable writes to the EEPROM, the MFG Info needs to be reset via the UEFI Device Manager.
[Regression Potential]
Can be considered minimal.
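The pattern described under [Fix], as an added userspace example that is not the mlx-bootctl driver code: a show handler bounded with snprintf and a store handler that relies on count instead of strlen. The names `field_show`, `field_store`, `mfg_field` and the 24-byte field width are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MFG_FIELD_LEN 24    /* hypothetical field width, not from the driver */
#define SYSFS_BUF_LEN 4096  /* sysfs passes show() a one-page buffer */

static char mfg_field[MFG_FIELD_LEN + 1];  /* stand-in for one EEPROM MFG field */

/* Unbounded pattern: sprintf() writes as many bytes as the format produces. */
/*     return sprintf(buf, "%s\n", mfg_field);                                */

/* Bounded show: snprintf() stops at buf_len, including the trailing NUL. */
static ssize_t field_show(char *buf, size_t buf_len)
{
    int n = snprintf(buf, buf_len, "%s\n", mfg_field);

    if (n < 0 || buf_len == 0)
        return -EIO;
    /* snprintf() returns the untruncated length; report only what was stored. */
    return (size_t)n >= buf_len ? (ssize_t)(buf_len - 1) : (ssize_t)n;
}

/* Bounded store: count already gives the input length, so no strlen(buf). */
static ssize_t field_store(const char *buf, size_t count)
{
    size_t len = count;

    if (len > 0 && buf[len - 1] == '\n')  /* drop the newline echo appends */
        len--;
    if (len > MFG_FIELD_LEN)
        return -EINVAL;                   /* reject rather than truncate */
    /* The precision caps how many bytes are read from buf. */
    snprintf(mfg_field, sizeof(mfg_field), "%.*s", (int)len, buf);
    return (ssize_t)count;
}

int main(void)
{
    char page[SYSFS_BUF_LEN];

    if (field_store("SN-0001\n", 8) < 0)
        return 1;
    printf("show returned %zd: %s", field_show(page, sizeof(page)), page);
    return 0;
}
```

Because snprintf returns the length it would have written, a show handler that passes the return value through unchanged can still report more bytes than the buffer holds, which is why the example clamps it.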