net: nfp: Use scnprintf() for avoiding potential buffer overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().

Reviewed-by: Simon Horman <simon.horman@netronome.com>
Cc: "David S . Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: oss-drivers@netronome.com
To: netdev@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Takashi Iwai and committed by

David S. Miller 6 years ago 413ae546 4a348601

+4 -4

1 changed file

expand all

drivers

net

ethernet

netronome

nfp

nfpcore

nfp6000_pcie.c

+4 -4

drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c

··· 616 616 if (bar->iomem) { 617 617 int pf; 618 618 619 - msg += snprintf(msg, end - msg, "0.0: General/MSI-X SRAM, "); 619 + msg += scnprintf(msg, end - msg, "0.0: General/MSI-X SRAM, "); 620 620 atomic_inc(&bar->refcnt); 621 621 bars_free--; 622 622 ··· 661 661 662 662 /* Configure, and lock, BAR0.1 for PCIe XPB (MSI-X PBA) */ 663 663 bar = &nfp->bar[1]; 664 - msg += snprintf(msg, end - msg, "0.1: PCIe XPB/MSI-X PBA, "); 664 + msg += scnprintf(msg, end - msg, "0.1: PCIe XPB/MSI-X PBA, "); 665 665 atomic_inc(&bar->refcnt); 666 666 bars_free--; 667 667 ··· 680 680 bar->iomem = ioremap(nfp_bar_resource_start(bar), 681 681 nfp_bar_resource_len(bar)); 682 682 if (bar->iomem) { 683 - msg += snprintf(msg, end - msg, 684 - "0.%d: Explicit%d, ", 4 + i, i); 683 + msg += scnprintf(msg, end - msg, 684 + "0.%d: Explicit%d, ", 4 + i, i); 685 685 atomic_inc(&bar->refcnt); 686 686 bars_free--; 687 687