RE: [PATCH 1/8] scsi: aacraid: Use scnprintf() for avoiding potential buffer overflow

<Balsundar.P@xxxxxxxxxxxxx> · Fri, 13 Mar 2020 05:47:26 +0000

Acked-by: Balsundar P < Balsundar.P@xxxxxxxxxxxxx>

-----Original Message-----
From: Takashi Iwai <tiwai@xxxxxxx> 
Sent: Wednesday, March 11, 2020 14:46
To: James E . J . Bottomley <jejb@xxxxxxxxxxxxx>; Martin K . Petersen <martin.petersen@xxxxxxxxxx>
Cc: linux-scsi@xxxxxxxxxxxxxxx; Adaptec OEM Raid Solutions <aacraid@xxxxxxxxxxxxx>
Subject: [PATCH 1/8] scsi: aacraid: Use scnprintf() for avoiding potential buffer overflow

EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe

Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit.  Fix it by replacing with scnprintf().

Cc: Adaptec OEM Raid Solutions <aacraid@xxxxxxxxxxxxx>
Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
---
 drivers/scsi/aacraid/linit.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c index b1d133de29ab..046fef4ff1f0 100644
--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -1287,20 +1287,20 @@ static ssize_t aac_show_flags(struct device *cdev,
        if (nblank(dprintk(x)))
                len = snprintf(buf, PAGE_SIZE, "dprintk\n");  #ifdef AAC_DETAILED_STATUS_INFO
-       len += snprintf(buf + len, PAGE_SIZE - len,
+       len += scnprintf(buf + len, PAGE_SIZE - len,
                        "AAC_DETAILED_STATUS_INFO\n");  #endif
        if (dev->raw_io_interface && dev->raw_io_64)
-               len += snprintf(buf + len, PAGE_SIZE - len,
+               len += scnprintf(buf + len, PAGE_SIZE - len,
                                "SAI_READ_CAPACITY_16\n");
        if (dev->jbod)
-               len += snprintf(buf + len, PAGE_SIZE - len, "SUPPORTED_JBOD\n");
+               len += scnprintf(buf + len, PAGE_SIZE - len, 
+ "SUPPORTED_JBOD\n");
        if (dev->supplement_adapter_info.supported_options2 &
                AAC_OPTION_POWER_MANAGEMENT)
-               len += snprintf(buf + len, PAGE_SIZE - len,
+               len += scnprintf(buf + len, PAGE_SIZE - len,
                                "SUPPORTED_POWER_MANAGEMENT\n");
        if (dev->msi)
-               len += snprintf(buf + len, PAGE_SIZE - len, "PCI_HAS_MSI\n");
+               len += scnprintf(buf + len, PAGE_SIZE - len, 
+ "PCI_HAS_MSI\n");
        return len;
 }

--
2.16.4








