[ndctl,3/4] libndctl: fix a couple of theoretical buffer overruns
diff mbox series

Message ID 20190202015253.20051-3-vishal.l.verma@intel.com
State New
Headers show
Series
  • [ndctl,1/4] ndctl, keys: fix a memory leak in dimm_create_key()
Related show

Commit Message

Verma, Vishal L Feb. 2, 2019, 1:52 a.m. UTC
Static analysis reports that the ndctl_dimm_get_security() function can
overflow 'buf'. Just above it, ndctl_dimm_get_available_labels() seems
to make the same mistake. Fix both of these by allocating a buffer of
the correct size.

Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
---
 ndctl/lib/dimm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Dan Williams Feb. 2, 2019, 1:59 a.m. UTC | #1
On Fri, Feb 1, 2019 at 5:53 PM Vishal Verma <vishal.l.verma@intel.com> wrote:
>
> Static analysis reports that the ndctl_dimm_get_security() function can
> overflow 'buf'. Just above it, ndctl_dimm_get_available_labels() seems
> to make the same mistake. Fix both of these by allocating a buffer of
> the correct size.
>
> Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>

Looks good,

Reviewed-by: Dan Williams <dan.j.williams@intel.com>

Patch
diff mbox series

diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c
index 0a4ca79..22cf4e1 100644
--- a/ndctl/lib/dimm.c
+++ b/ndctl/lib/dimm.c
@@ -582,7 +582,7 @@  NDCTL_EXPORT unsigned long ndctl_dimm_get_available_labels(
 	struct ndctl_ctx *ctx = ndctl_dimm_get_ctx(dimm);
 	char *path = dimm->dimm_buf;
 	int rc, len = dimm->buf_len;
-	char buf[20];
+	char buf[SYSFS_ATTR_SIZE];
 
 	if (snprintf(path, len, "%s/available_slots", dimm->dimm_path) >= len) {
 		err(ctx, "%s: buffer too small!\n",
@@ -605,8 +605,8 @@  NDCTL_EXPORT enum ndctl_security_state ndctl_dimm_get_security(
 {
 	struct ndctl_ctx *ctx = ndctl_dimm_get_ctx(dimm);
 	char *path = dimm->dimm_buf;
+	char buf[SYSFS_ATTR_SIZE];
 	int len = dimm->buf_len;
-	char buf[64];
 	int rc;
 
 	if (snprintf(path, len, "%s/security", dimm->dimm_path) >= len) {