[7/8] scsi: core: Use scnprintf() for avoiding potential buffer overflow

Message ID 20200311091630.22565-8-tiwai@suse.de
State Superseded
Series scsi: Use scnprintf() for avoiding potential buffer overflow

Commit Message

Takashi Iwai March 11, 2020, 9:16 a.m. UTC
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 drivers/scsi/scsi_sysfs.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
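
The return-value difference described in the commit message, as an added userspace example (not part of the patch or the kernel source). `scn()` is a stand-in written here for the kernel's scnprintf(); the flag names and the 16-byte buffer are constructed.

```c
#include <stdarg.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's scnprintf(): returns chars actually stored. */
static int scn(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;
	if (size == 0)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	return n < 0 ? 0 : (size_t)n >= size ? (int)(size - 1) : n;
}

/* Constructed sample names, not the real sdev_bflags_name[] table. */
static const char *const names[] = { "FLAG_ALPHA", "FLAG_BRAVO", "FLAG_CHARLIE" };
#define NNAMES (sizeof(names) / sizeof(names[0]))

/* snprintf() loop; the !*unsafe guard (not in the pre-patch code) stops once
 * len has run past the buffer, before size - len can wrap around. */
static size_t join_snprintf(char *buf, size_t size, int *unsafe)
{
	size_t len = 0;
	*unsafe = 0;
	for (size_t i = 0; i < NNAMES && !*unsafe; i++) {
		len += snprintf(buf + len, size - len, "%s%s", len ? " " : "", names[i]);
		*unsafe = len >= size;	/* would-be length was added, not stored length */
	}
	return len;
}

/* Same loop with the clamped return value: len stays below size. */
static size_t join_scnprintf(char *buf, size_t size)
{
	size_t len = 0;
	for (size_t i = 0; i < NNAMES; i++)
		len += scn(buf + len, size - len, "%s%s", len ? " " : "", names[i]);
	return len;
}

int main(void)
{
	char a[16], b[16];
	int unsafe = 0;
	size_t la = join_snprintf(a, sizeof(a), &unsafe), lb = join_scnprintf(b, sizeof(b));
	printf("snprintf: len=%zu unsafe=%d; scnprintf: len=%zu \"%s\"\n", la, unsafe, lb, b);
	return 0;
}
```

With the 16-byte buffer, the snprintf() loop ends with `len` at 21, past the end of the buffer, while the scnprintf()-style loop ends with `len` at 15 and a truncated, NUL-terminated string.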

Comments

Bart Van Assche March 11, 2020, 3:12 p.m. UTC | #1
On 3/11/20 2:16 AM, Takashi Iwai wrote:
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit.  Fix it by replacing with scnprintf().

Reviewed-by: Bart van Assche <bvanassche@acm.org>

John Garry March 12, 2020, 9:25 a.m. UTC | #2
On 11/03/2020 09:16, Takashi Iwai wrote:
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit.  Fix it by replacing with scnprintf().
> 
> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> ---
>   drivers/scsi/scsi_sysfs.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
> index c3a30ba4ae08..6b3644246d3a 100644
> --- a/drivers/scsi/scsi_sysfs.c
> +++ b/drivers/scsi/scsi_sysfs.c
> @@ -1045,14 +1045,14 @@ sdev_show_blacklist(struct device *dev, struct device_attribute *attr,
>   			name = sdev_bflags_name[i];
>   
>   		if (name)
> -			len += snprintf(buf + len, PAGE_SIZE - len,
> +			len += scnprintf(buf + len, PAGE_SIZE - len,
>   					"%s%s", len ? " " : "", name);

It would be nice to ensure that alignment with the parenthesis is maintained

Thanks

>   		else
> -			len += snprintf(buf + len, PAGE_SIZE - len,
> +			len += scnprintf(buf + len, PAGE_SIZE - len,
>   					"%sINVALID_BIT(%d)", len ? " " : "", i);
>   	}
>   	if (len)
> -		len += snprintf(buf + len, PAGE_SIZE - len, "\n");
> +		len += scnprintf(buf + len, PAGE_SIZE - len, "\n");
>   	return len;
>   }
>   static DEVICE_ATTR(blacklist, S_IRUGO, sdev_show_blacklist, NULL);
>

Takashi Iwai March 12, 2020, 11:40 a.m. UTC | #3
On Thu, 12 Mar 2020 10:25:11 +0100,
John Garry wrote:
> 
> On 11/03/2020 09:16, Takashi Iwai wrote:
> > Since snprintf() returns the would-be-output size instead of the
> > actual output size, the succeeding calls may go beyond the given
> > buffer limit.  Fix it by replacing with scnprintf().
> >
> > Signed-off-by: Takashi Iwai <tiwai@suse.de>
> > ---
> >   drivers/scsi/scsi_sysfs.c | 6 +++---
> >   1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
> > index c3a30ba4ae08..6b3644246d3a 100644
> > --- a/drivers/scsi/scsi_sysfs.c
> > +++ b/drivers/scsi/scsi_sysfs.c
> > @@ -1045,14 +1045,14 @@ sdev_show_blacklist(struct device *dev, struct device_attribute *attr,
> >   			name = sdev_bflags_name[i];
> >     		if (name)
> > -			len += snprintf(buf + len, PAGE_SIZE - len,
> > +			len += scnprintf(buf + len, PAGE_SIZE - len,
> >   					"%s%s", len ? " " : "", name);
> 
> It would be nice to ensure that alignment with the parenthesis is maintained

OK, will respin v2 with that change.


thanks,

Takashi

Patch

diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index c3a30ba4ae08..6b3644246d3a 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -1045,14 +1045,14 @@  sdev_show_blacklist(struct device *dev, struct device_attribute *attr,
 			name = sdev_bflags_name[i];
 
 		if (name)
-			len += snprintf(buf + len, PAGE_SIZE - len,
+			len += scnprintf(buf + len, PAGE_SIZE - len,
 					"%s%s", len ? " " : "", name);
 		else
-			len += snprintf(buf + len, PAGE_SIZE - len,
+			len += scnprintf(buf + len, PAGE_SIZE - len,
 					"%sINVALID_BIT(%d)", len ? " " : "", i);
 	}
 	if (len)
-		len += snprintf(buf + len, PAGE_SIZE - len, "\n");
+		len += scnprintf(buf + len, PAGE_SIZE - len, "\n");
 	return len;
 }
 static DEVICE_ATTR(blacklist, S_IRUGO, sdev_show_blacklist, NULL);
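
Review bot: the final `if (len)` call appends "\n" with the same `PAGE_SIZE - len` bound as the flag names, so once the names have filled the page scnprintf() stores nothing there and the attribute comes back truncated with no trailing newline and no indication that it was cut. Consider breaking out of the loop once `len` reaches `PAGE_SIZE - 1`, or saying in the commit message that silent truncation is the accepted outcome. Separately, the continuation lines under the two scnprintf() calls inside the loop keep their old indentation and no longer line up with the opening parenthesis now that the function name is one character longer.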