| Message ID | 1443056906-7306-1-git-send-email-sasha.levin@oracle.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Sasha Levin <sasha.levin@oracle.com> writes: > A malicious string passed from userspace might contain format specifiers which > request_module() might try to handle, which is bad. > > Signed-off-by: Sasha Levin <sasha.levin@oracle.com> > --- > drivers/scsi/scsi_dh.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/scsi/scsi_dh.c b/drivers/scsi/scsi_dh.c > index edb044a..24be260 100644 > --- a/drivers/scsi/scsi_dh.c > +++ b/drivers/scsi/scsi_dh.c > @@ -111,7 +111,7 @@ static struct scsi_device_handler *scsi_dh_lookup(const char *name) > > dh = __scsi_dh_lookup(name); > if (!dh) { > - request_module(name); > + request_module("%s", name); > dh = __scsi_dh_lookup(name); > } Good catch. Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
diff --git a/drivers/scsi/scsi_dh.c b/drivers/scsi/scsi_dh.c index edb044a..24be260 100644 --- a/drivers/scsi/scsi_dh.c +++ b/drivers/scsi/scsi_dh.c @@ -111,7 +111,7 @@ static struct scsi_device_handler *scsi_dh_lookup(const char *name) dh = __scsi_dh_lookup(name); if (!dh) { - request_module(name); + request_module("%s", name); dh = __scsi_dh_lookup(name); }
A malicious string passed from userspace might contain format specifiers which request_module() might try to handle, which is bad. Signed-off-by: Sasha Levin <sasha.levin@oracle.com> --- drivers/scsi/scsi_dh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)