Use the snprintf function instead of sprintf in the meltdown.c file to prevent buffer overflow.
Cause the length of the release in a struct utsname is unspecified.
struct utsname {
char sysname[]; / Operating system name (e.g., "Linux") /
char nodename[]; / Name within communications network
to which the node is attached, if any /
char release[]; / Operating system release
(e.g., "2.6.28") /
char version[]; / Operating system version /
char machine[]; / Hardware type identifier /
ifdef _GNU_SOURCE
char domainname[]; /* NIS or YP domain name */
#endif
};
It appears that the struct member in question has its length specified by the libc implementation and can be accessed with sizeof. This is stated in the man page.
Use the snprintf function instead of sprintf in the meltdown.c file to prevent buffer overflow. Cause the length of the release in a struct utsname is unspecified.
struct utsname { char sysname[]; / Operating system name (e.g., "Linux") / char nodename[]; / Name within communications network to which the node is attached, if any / char release[]; / Operating system release (e.g., "2.6.28") / char version[]; / Operating system version / char machine[]; / Hardware type identifier /
ifdef _GNU_SOURCE
Signed-off-by: Kunwu Chan chentao@kylinos.cn