[PATCH] um: mconsole: use bounded version string formatting

Next message: Pengpeng Hou: "[PATCH] scsi: hpsa: use bounded formatting for controller and IRQ names"
Previous message: Pengpeng Hou: "[PATCH] fsi: occ: bound SRAM write payload length"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pengpeng Hou

Date: Sat Mar 28 2026 - 23:14:35 EST

mconsole_version() formats several UTS strings into a fixed 256-byte local buffer with sprintf() and no length bound.

Use snprintf() so the version reply stays within the local buffer.

Fixes: e9ff3990f08e ("[PATCH] namespaces: utsname: switch to using uts namespaces")
Signed-off-by: Pengpeng Hou <pengpeng@xxxxxxxxxxx>
---
arch/um/drivers/mconsole_kern.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/um/drivers/mconsole_kern.c b/arch/um/drivers/mconsole_kern.c
index e2a9e8879f58..18d0ec15557c 100644
--- a/arch/um/drivers/mconsole_kern.c
+++ b/arch/um/drivers/mconsole_kern.c
@@ -106,9 +106,9 @@ void mconsole_version(struct mc_request *req)
{
char version[256];

- sprintf(version, "%s %s %s %s %s", utsname()->sysname,
- utsname()->nodename, utsname()->release, utsname()->version,
- utsname()->machine);
+ snprintf(version, sizeof(version), "%s %s %s %s %s",
+ utsname()->sysname, utsname()->nodename, utsname()->release,
+ utsname()->version, utsname()->machine);
mconsole_reply(req, version, 0, 0);
}

--
2.50.1 (Apple Git-155)