mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-09 06:33:34 +00:00
scsi: ipr: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Link: https://lore.kernel.org/r/20200315094241.9086-6-tiwai@suse.de Cc: "James E . J . Bottomley" <jejb@linux.ibm.com> Cc: "Martin K . Petersen" <martin.petersen@oracle.com> Cc: Brian King <brking@us.ibm.com> Cc: linux-scsi@vger.kernel.org Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
parent
473e554d65
commit
6f0cf42474
@ -1299,9 +1299,9 @@ static char *__ipr_format_res_path(u8 *res_path, char *buffer, int len)
|
||||
char *p = buffer;
|
||||
|
||||
*p = '\0';
|
||||
p += snprintf(p, buffer + len - p, "%02X", res_path[0]);
|
||||
p += scnprintf(p, buffer + len - p, "%02X", res_path[0]);
|
||||
for (i = 1; res_path[i] != 0xff && ((i * 3) < len); i++)
|
||||
p += snprintf(p, buffer + len - p, "-%02X", res_path[i]);
|
||||
p += scnprintf(p, buffer + len - p, "-%02X", res_path[i]);
|
||||
|
||||
return buffer;
|
||||
}
|
||||
@ -1322,7 +1322,7 @@ static char *ipr_format_res_path(struct ipr_ioa_cfg *ioa_cfg,
|
||||
char *p = buffer;
|
||||
|
||||
*p = '\0';
|
||||
p += snprintf(p, buffer + len - p, "%d/", ioa_cfg->host->host_no);
|
||||
p += scnprintf(p, buffer + len - p, "%d/", ioa_cfg->host->host_no);
|
||||
__ipr_format_res_path(res_path, p, len - (buffer - p));
|
||||
return buffer;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user