| Message ID | 20140311202553.GA24552@www.outflux.net (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c index 02e2f38c9c85..dca97aa0a51e 100644 --- a/drivers/media/rc/rc-main.c +++ b/drivers/media/rc/rc-main.c @@ -62,7 +62,7 @@ struct rc_map *rc_map_get(const char *name) map = seek_rc_map(name); #ifdef MODULE if (!map) { - int rc = request_module(name); + int rc = request_module("%s", name); if (rc < 0) { printk(KERN_ERR "Couldn't load IR keymap %s\n", name); return NULL;
rc_map_get() takes a single string literal for the module to load, so make sure it cannot be used as a format string in the call to request_module(). Signed-off-by: Kees Cook <keescook@chromium.org> --- On another security note, this raw request_module() call should have some kind of prefix associated with it to make sure it can't be used to load arbitrary modules. For example, request_module("probe-%s", name) or something, as done for crypto, binfmts, etc. --- drivers/media/rc/rc-main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)