From: Takashi Iwai <tiwai@suse.de>
To: netdev@vger.kernel.org
Cc: "David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 7/7] netdevsim: Use scnprintf() for avoiding potential buffer overflow
Date: Wed, 11 Mar 2020 09:37:45 +0100 [thread overview]
Message-ID: <20200311083745.17328-8-tiwai@suse.de> (raw)
In-Reply-To: <20200311083745.17328-1-tiwai@suse.de>
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Cc: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
drivers/net/netdevsim/ipsec.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index e27fc1a4516d..3281ce3d6c70 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -29,7 +29,7 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp,
return -ENOMEM;
p = buf;
- p += snprintf(p, bufsize - (p - buf),
+ p += scnprintf(p, bufsize - (p - buf),
"SA count=%u tx=%u\n",
ipsec->count, ipsec->tx);
@@ -39,15 +39,15 @@ static ssize_t nsim_dbg_netdev_ops_read(struct file *filp,
if (!sap->used)
continue;
- p += snprintf(p, bufsize - (p - buf),
+ p += scnprintf(p, bufsize - (p - buf),
"sa[%i] %cx ipaddr=0x%08x %08x %08x %08x\n",
i, (sap->rx ? 'r' : 't'), sap->ipaddr[0],
sap->ipaddr[1], sap->ipaddr[2], sap->ipaddr[3]);
- p += snprintf(p, bufsize - (p - buf),
+ p += scnprintf(p, bufsize - (p - buf),
"sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n",
i, be32_to_cpu(sap->xs->id.spi),
sap->xs->id.proto, sap->salt, sap->crypt);
- p += snprintf(p, bufsize - (p - buf),
+ p += scnprintf(p, bufsize - (p - buf),
"sa[%i] key=0x%08x %08x %08x %08x\n",
i, sap->key[0], sap->key[1],
sap->key[2], sap->key[3]);
--
2.16.4
prev parent reply other threads:[~2020-03-11 8:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-11 8:37 [PATCH 0/7] net: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
2020-03-11 8:37 ` [PATCH 1/7] net: caif: " Takashi Iwai
2020-03-11 8:37 ` [PATCH 2/7] i40e: " Takashi Iwai
2020-03-16 20:32 ` [Intel-wired-lan] " Bowers, AndrewX
2020-03-11 8:37 ` [PATCH 3/7] mlx4: " Takashi Iwai
2020-03-11 8:37 ` [PATCH 4/7] nfp: " Takashi Iwai
2020-03-11 11:01 ` [oss-drivers] " Simon Horman
2020-03-11 21:44 ` Jakub Kicinski
2020-03-11 8:37 ` [PATCH 5/7] ionic: " Takashi Iwai
2020-03-11 11:01 ` [oss-drivers] " Simon Horman
2020-03-11 16:45 ` Shannon Nelson
2020-03-11 8:37 ` [PATCH 6/7] sfc: " Takashi Iwai
2020-03-12 9:53 ` Martin Habets
2020-03-12 11:38 ` Takashi Iwai
2020-03-11 8:37 ` Takashi Iwai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200311083745.17328-8-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).