[PATCH] lockdown: avoid extra call to strlen() in lockdown_read()
Dmitry Antipov
dmantipov at yandex.ru
Thu Aug 14 14:00:20 UTC 2025
Since the s*printf() family of functions returns the number of characters
emitted, avoid the redundant call to strlen() in lockdown_read() and prefer
snprintf() over sprintf() for extra protection against buffer overflow.
Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
---
security/lockdown/lockdown.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index cf83afa1d879..10537d7c4437 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -106,9 +106,13 @@ static ssize_t lockdown_read(struct file *filp, char __user *buf, size_t count,
const char *label = lockdown_reasons[level];
if (kernel_locked_down == level)
- offset += sprintf(temp+offset, "[%s] ", label);
+ offset += snprintf(temp + offset,
+ sizeof(temp) - offset,
+ "[%s] ", label);
else
- offset += sprintf(temp+offset, "%s ", label);
+ offset += snprintf(temp + offset,
+ sizeof(temp) - offset,
+ "%s ", label);
}
}
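Review bot: Both new snprintf() calls accumulate the return value into offset, but snprintf() returns the length the formatted string would have had, not the number of bytes actually stored, so if a label ever fails to fit, offset moves past sizeof(temp) and the next iteration's "sizeof(temp) - offset" is no longer a valid remaining size. The overflow protection the commit message aims for only holds if offset can never exceed the buffer. Please use scnprintf() here, which returns the number of characters actually written (excluding the terminator), so "offset += scnprintf(temp + offset, sizeof(temp) - offset, ...)" keeps offset bounded by sizeof(temp) - 1.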
@@ -116,7 +120,7 @@ static ssize_t lockdown_read(struct file *filp, char __user *buf, size_t count,
if (offset > 0)
temp[offset-1] = '\n';
- return simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
+ return simple_read_from_buffer(buf, count, ppos, temp, offset);
}
static ssize_t lockdown_write(struct file *file, const char __user *buf,
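Review bot: Passing offset as the available length to simple_read_from_buffer() is only safe if offset equals the number of bytes really present in temp, which the snprintf() accumulation in the loop above does not guarantee on truncation; the old strlen(temp) was bounded by the terminator. The same applies to the unchanged "temp[offset-1] = '\n';" write just above, which indexes with the same value. Either switch the loop to scnprintf() so offset is the written length, or clamp offset to sizeof(temp) - 1 before these two uses. It would also be worth a sentence in the commit message noting that the length now comes from the accumulated return values rather than from scanning the buffer.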
--
2.50.1