netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Takashi Iwai <tiwai@suse.de>
To: Martin Habets <mhabets@solarflare.com>
Cc: Takashi Iwai <tiwai@suse.de>, <netdev@vger.kernel.org>,
	"David S . Miller" <davem@davemloft.net>,
	Solarflare linux maintainers <linux-net-drivers@solarflare.com>,
	Edward Cree <ecree@solarflare.com>
Subject: Re: [PATCH 6/7] sfc: Use scnprintf() for avoiding potential buffer overflow
Date: Thu, 12 Mar 2020 12:38:14 +0100	[thread overview]
Message-ID: <s5hv9n9g5w9.wl-tiwai@suse.de> (raw)
In-Reply-To: <92ac1339-892c-20de-1547-02a8eee85f12@solarflare.com>

On Thu, 12 Mar 2020 10:53:05 +0100,
Martin Habets wrote:
> 
> Hi Takashi,
> 
> Fix looks ok, but could you please fix the alignment of the subsequent lines as well?

Yes, I'll respin with that in v2, as other people also asked for it.


thanks,

Takashi

> 
> Thanks,
> Martin
> 
> On 11/03/2020 08:37, Takashi Iwai wrote:
> > Since snprintf() returns the would-be-output size instead of the
> > actual output size, the succeeding calls may go beyond the given
> > buffer limit.  Fix it by replacing with scnprintf().
> > 
> > Cc: Solarflare linux maintainers <linux-net-drivers@solarflare.com>
> > Cc: Edward Cree <ecree@solarflare.com>
> > Cc: Martin Habets <mhabets@solarflare.com>
> > Signed-off-by: Takashi Iwai <tiwai@suse.de>
> > ---
> >  drivers/net/ethernet/sfc/mcdi.c | 12 ++++++------
> >  1 file changed, 6 insertions(+), 6 deletions(-)
> > 
> > diff --git a/drivers/net/ethernet/sfc/mcdi.c b/drivers/net/ethernet/sfc/mcdi.c
> > index 2713300343c7..ac978e24644f 100644
> > --- a/drivers/net/ethernet/sfc/mcdi.c
> > +++ b/drivers/net/ethernet/sfc/mcdi.c
> > @@ -212,11 +212,11 @@ static void efx_mcdi_send_request(struct efx_nic *efx, unsigned cmd,
> >  		 * progress on a NIC at any one time.  So no need for locking.
> >  		 */
> >  		for (i = 0; i < hdr_len / 4 && bytes < PAGE_SIZE; i++)
> > -			bytes += snprintf(buf + bytes, PAGE_SIZE - bytes,
> > +			bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes,
> >  					  " %08x", le32_to_cpu(hdr[i].u32[0]));
> >  
> >  		for (i = 0; i < inlen / 4 && bytes < PAGE_SIZE; i++)
> > -			bytes += snprintf(buf + bytes, PAGE_SIZE - bytes,
> > +			bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes,
> >  					  " %08x", le32_to_cpu(inbuf[i].u32[0]));
> >  
> >  		netif_info(efx, hw, efx->net_dev, "MCDI RPC REQ:%s\n", buf);
> > @@ -302,14 +302,14 @@ static void efx_mcdi_read_response_header(struct efx_nic *efx)
> >  		 */
> >  		for (i = 0; i < hdr_len && bytes < PAGE_SIZE; i++) {
> >  			efx->type->mcdi_read_response(efx, &hdr, (i * 4), 4);
> > -			bytes += snprintf(buf + bytes, PAGE_SIZE - bytes,
> > +			bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes,
> >  					  " %08x", le32_to_cpu(hdr.u32[0]));
> >  		}
> >  
> >  		for (i = 0; i < data_len && bytes < PAGE_SIZE; i++) {
> >  			efx->type->mcdi_read_response(efx, &hdr,
> >  					mcdi->resp_hdr_len + (i * 4), 4);
> > -			bytes += snprintf(buf + bytes, PAGE_SIZE - bytes,
> > +			bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes,
> >  					  " %08x", le32_to_cpu(hdr.u32[0]));
> >  		}
> >  
> > @@ -1417,7 +1417,7 @@ void efx_mcdi_print_fwver(struct efx_nic *efx, char *buf, size_t len)
> >  	}
> >  
> >  	ver_words = (__le16 *)MCDI_PTR(outbuf, GET_VERSION_OUT_VERSION);
> > -	offset = snprintf(buf, len, "%u.%u.%u.%u",
> > +	offset = scnprintf(buf, len, "%u.%u.%u.%u",
> >  			  le16_to_cpu(ver_words[0]), le16_to_cpu(ver_words[1]),
> >  			  le16_to_cpu(ver_words[2]), le16_to_cpu(ver_words[3]));
> >  
> > @@ -1427,7 +1427,7 @@ void efx_mcdi_print_fwver(struct efx_nic *efx, char *buf, size_t len)
> >  	if (efx_nic_rev(efx) >= EFX_REV_HUNT_A0) {
> >  		struct efx_ef10_nic_data *nic_data = efx->nic_data;
> >  
> > -		offset += snprintf(buf + offset, len - offset, " rx%x tx%x",
> > +		offset += scnprintf(buf + offset, len - offset, " rx%x tx%x",
> >  				   nic_data->rx_dpcpu_fw_id,
> >  				   nic_data->tx_dpcpu_fw_id);
> >  
> > 
> 

  reply	other threads:[~2020-03-12 11:38 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-11  8:37 [PATCH 0/7] net: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
2020-03-11  8:37 ` [PATCH 1/7] net: caif: " Takashi Iwai
2020-03-11  8:37 ` [PATCH 2/7] i40e: " Takashi Iwai
2020-03-16 20:32   ` [Intel-wired-lan] " Bowers, AndrewX
2020-03-11  8:37 ` [PATCH 3/7] mlx4: " Takashi Iwai
2020-03-11  8:37 ` [PATCH 4/7] nfp: " Takashi Iwai
2020-03-11 11:01   ` [oss-drivers] " Simon Horman
2020-03-11 21:44   ` Jakub Kicinski
2020-03-11  8:37 ` [PATCH 5/7] ionic: " Takashi Iwai
2020-03-11 11:01   ` [oss-drivers] " Simon Horman
2020-03-11 16:45   ` Shannon Nelson
2020-03-11  8:37 ` [PATCH 6/7] sfc: " Takashi Iwai
2020-03-12  9:53   ` Martin Habets
2020-03-12 11:38     ` Takashi Iwai [this message]
2020-03-11  8:37 ` [PATCH 7/7] netdevsim: " Takashi Iwai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=s5hv9n9g5w9.wl-tiwai@suse.de \
    --to=tiwai@suse.de \
    --cc=davem@davemloft.net \
    --cc=ecree@solarflare.com \
    --cc=linux-net-drivers@solarflare.com \
    --cc=mhabets@solarflare.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).