The following commit has been merged into the efi/urgent branch of tip:
Commit-ID: b450b30b97010e5c68ab522c6f6c54ef76bd0683
Gitweb: https://git.kernel.org/tip/b450b30b97010e5c68ab522c6f6c54ef76bd0683
Author: Takashi Iwai <tiwai@xxxxxxx>
AuthorDate: Thu, 09 Apr 2020 15:04:26 +02:00
Committer: Ingo Molnar <mingo@xxxxxxxxxx>
CommitterDate: Tue, 14 Apr 2020 08:32:11 +02:00
efi/cper: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20200311072145.5001-1-tiwai@xxxxxxx
Link: https://lore.kernel.org/r/20200409130434.6736-2-ardb@xxxxxxxxxx
---
drivers/firmware/efi/cper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
index b1af0de..9d25129 100644
--- a/drivers/firmware/efi/cper.c
+++ b/drivers/firmware/efi/cper.c
@@ -101,7 +101,7 @@ void cper_print_bits(const char *pfx, unsigned int bits,
if (!len)
len = snprintf(buf, sizeof(buf), "%s%s", pfx, str);
else
- len += snprintf(buf+len, sizeof(buf)-len, ", %s", str);
+ len += scnprintf(buf+len, sizeof(buf)-len, ", %s", str);
}
if (len)
printk("%s\n", buf);
|