On Thu, Sep 05, 2019 at 03:44:26PM -0400, J. Bruce Fields wrote: > From: "J. Bruce Fields" <bfie...@redhat.com> > > %*pEp (without "h" or "o") is a no-op. This string could contain > arbitrary (non-NULL) characters, so we do want escaping. Use %*pE like > every other caller.
Agreed on all counts. pEp is actively resulting in NO escaping, which is a bug here. Acked-by: Kees Cook <keesc...@chromium.org> -Kees > > Signed-off-by: J. Bruce Fields <bfie...@redhat.com> > --- > drivers/thunderbolt/xdomain.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c > index 5118d46702d5..4e17a7c7bf0a 100644 > --- a/drivers/thunderbolt/xdomain.c > +++ b/drivers/thunderbolt/xdomain.c > @@ -636,7 +636,7 @@ static ssize_t key_show(struct device *dev, struct > device_attribute *attr, > * It should be null terminated but anything else is pretty much > * allowed. > */ > - return sprintf(buf, "%*pEp\n", (int)strlen(svc->key), svc->key); > + return sprintf(buf, "%*pE\n", (int)strlen(svc->key), svc->key); > } > static DEVICE_ATTR_RO(key); > > -- > 2.21.0 > -- Kees Cook
