[PATCH] bcache: Use scnprintf() for avoiding potential buffer overflow

[PATCH] bcache: Use scnprintf() for avoiding potential buffer overflow

[Takashi Iwai]

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 drivers/md/bcache/sysfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
index 3470fae4eabc..323276994aab 100644
--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf,
 	size_t i;
 
 	for (i = 0; list[i]; i++)
-		out += snprintf(out, buf + size - out,
+		out += scnprintf(out, buf + size - out,
 				i == selected ? "[%s] " : "%s ", list[i]);
 
 	out[-1] = '\n';
-- 
2.16.4

Re: [PATCH] bcache: Use scnprintf() for avoiding potential buffer overflow

[Takashi Iwai]

On Wed, 11 Mar 2020 08:45:58 +0100,
Takashi Iwai wrote:
> 
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit.  Fix it by replacing with scnprintf().
> 
> Signed-off-by: Takashi Iwai <tiwai@suse.de>

A gentle reminder for this forgotten patch.
Let me know if any further changes are needed.


thanks,

Takashi

> ---
>  drivers/md/bcache/sysfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
> index 3470fae4eabc..323276994aab 100644
> --- a/drivers/md/bcache/sysfs.c
> +++ b/drivers/md/bcache/sysfs.c
> @@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf,
>  	size_t i;
>  
>  	for (i = 0; list[i]; i++)
> -		out += snprintf(out, buf + size - out,
> +		out += scnprintf(out, buf + size - out,
>  				i == selected ? "[%s] " : "%s ", list[i]);
>  
>  	out[-1] = '\n';
> -- 
> 2.16.4
> 

Re: [PATCH] bcache: Use scnprintf() for avoiding potential buffer overflow

[Coly Li]

On 2020/3/19 11:58 下午, Takashi Iwai wrote:
> On Wed, 11 Mar 2020 08:45:58 +0100,
> Takashi Iwai wrote:
>>
>> Since snprintf() returns the would-be-output size instead of the
>> actual output size, the succeeding calls may go beyond the given
>> buffer limit.  Fix it by replacing with scnprintf().
>>
>> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> 
> A gentle reminder for this forgotten patch.
> Let me know if any further changes are needed.
> 

Hi Takashi,

This is in my for-next list already. Sorry for not reply you yet, just
busy on the testing with combined with md raid backend.

Thanks.

Coly Li

>> ---
>>  drivers/md/bcache/sysfs.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
>> index 3470fae4eabc..323276994aab 100644
>> --- a/drivers/md/bcache/sysfs.c
>> +++ b/drivers/md/bcache/sysfs.c
>> @@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf,
>>  	size_t i;
>>  
>>  	for (i = 0; list[i]; i++)
>> -		out += snprintf(out, buf + size - out,
>> +		out += scnprintf(out, buf + size - out,
>>  				i == selected ? "[%s] " : "%s ", list[i]);
>>  
>>  	out[-1] = '\n';
>> -- 
>> 2.16.4
>>


-- 

Coly Li

Re: [PATCH] bcache: Use scnprintf() for avoiding potential buffer overflow

[Takashi Iwai]

On Thu, 19 Mar 2020 17:27:47 +0100,
Coly Li wrote:
> 
> On 2020/3/19 11:58 下午, Takashi Iwai wrote:
> > On Wed, 11 Mar 2020 08:45:58 +0100,
> > Takashi Iwai wrote:
> >>
> >> Since snprintf() returns the would-be-output size instead of the
> >> actual output size, the succeeding calls may go beyond the given
> >> buffer limit.  Fix it by replacing with scnprintf().
> >>
> >> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> > 
> > A gentle reminder for this forgotten patch.
> > Let me know if any further changes are needed.
> > 
> 
> Hi Takashi,
> 
> This is in my for-next list already. Sorry for not reply you yet, just
> busy on the testing with combined with md raid backend.

OK, thanks.  I just wondered because it didn't appear on linux-next,
either.


Takashi

> 
> Thanks.
> 
> Coly Li
> 
> >> ---
> >>  drivers/md/bcache/sysfs.c | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
> >> index 3470fae4eabc..323276994aab 100644
> >> --- a/drivers/md/bcache/sysfs.c
> >> +++ b/drivers/md/bcache/sysfs.c
> >> @@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf,
> >>  	size_t i;
> >>  
> >>  	for (i = 0; list[i]; i++)
> >> -		out += snprintf(out, buf + size - out,
> >> +		out += scnprintf(out, buf + size - out,
> >>  				i == selected ? "[%s] " : "%s ", list[i]);
> >>  
> >>  	out[-1] = '\n';
> >> -- 
> >> 2.16.4
> >>
> 
> 
> -- 
> 
> Coly Li
> 

Re: [PATCH] bcache: Use scnprintf() for avoiding potential buffer overflow

[Coly Li]

On 2020/3/20 12:28 上午, Takashi Iwai wrote:
> On Thu, 19 Mar 2020 17:27:47 +0100,
> Coly Li wrote:
>>
>> On 2020/3/19 11:58 下午, Takashi Iwai wrote:
>>> On Wed, 11 Mar 2020 08:45:58 +0100,
>>> Takashi Iwai wrote:
>>>>
>>>> Since snprintf() returns the would-be-output size instead of the
>>>> actual output size, the succeeding calls may go beyond the given
>>>> buffer limit.  Fix it by replacing with scnprintf().
>>>>
>>>> Signed-off-by: Takashi Iwai <tiwai@suse.de>
>>>
>>> A gentle reminder for this forgotten patch.
>>> Let me know if any further changes are needed.
>>>
>>
>> Hi Takashi,
>>
>> This is in my for-next list already. Sorry for not reply you yet, just
>> busy on the testing with combined with md raid backend.
> 
> OK, thanks.  I just wondered because it didn't appear on linux-next,
> either.

I don't submit the patch set to Jens yet, because my local testing not
finished yet. Hopefully it may finish in next 2 days.

-- 

Coly Li