drivers: avoid format string in dev_set_name Calling dev_set_name with a single paramter causes it to be handled as a format string. Many callers are passing potentially dynamic string content, so use "%s" in those cases to avoid any potential accidents, including wrappers like device_create*() and bdi_register(). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 02aa2a37636c8fa4fb9322d91be46ff8225b7de0 [log] [tgz]
author: Kees Cook <keescook@chromium.org> Wed Jul 03 15:04:56 2013 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Wed Jul 03 16:07:41 2013 -0700
tree: 97c93d17cfcad186d229ef76f96de709eddfea8c
parent: 096a8aac6bf4a5a0b2ef812ad76d056bbf3fb2af [diff] [blame]
diff --git a/mm/backing-dev.c b/mm/backing-dev.c
index 5025174..d014ee5 100644
--- a/mm/backing-dev.c
+++ b/mm/backing-dev.c

@@ -515,7 +515,6 @@
 int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
 			   unsigned int cap)
 {
-	char tmp[32];
 	int err;
 
 	bdi->name = name;
@@ -524,8 +523,8 @@
 	if (err)
 		return err;
 
-	sprintf(tmp, "%.28s%s", name, "-%d");
-	err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq));
+	err = bdi_register(bdi, NULL, "%.28s-%ld", name,
+			   atomic_long_inc_return(&bdi_seq));
 	if (err) {
 		bdi_destroy(bdi);
 		return err;
commit	02aa2a37636c8fa4fb9322d91be46ff8225b7de0	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Wed Jul 03 15:04:56 2013 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Wed Jul 03 16:07:41 2013 -0700
tree	97c93d17cfcad186d229ef76f96de709eddfea8c
parent	096a8aac6bf4a5a0b2ef812ad76d056bbf3fb2af [diff] [blame]