* [PATCH net-next] ptp: prevent string overflow
@ 2023-10-18 14:20 Dan Carpenter
2023-10-18 20:34 ` Przemek Kitszel
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Dan Carpenter @ 2023-10-18 14:20 UTC (permalink / raw)
To: Xabier Marquiegui
Cc: Richard Cochran, David S. Miller, netdev, kernel-janitors
The ida_alloc_max() function can return up to INT_MAX so this buffer is
not large enough. Also use snprintf() for extra safety.
Fixes: 403376ddb422 ("ptp: add debugfs interface to see applied channel masks")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
drivers/ptp/ptp_clock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
index 2e801cd33220..3d1b0a97301c 100644
--- a/drivers/ptp/ptp_clock.c
+++ b/drivers/ptp/ptp_clock.c
@@ -220,7 +220,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
struct ptp_clock *ptp;
struct timestamp_event_queue *queue = NULL;
int err = 0, index, major = MAJOR(ptp_devt);
- char debugfsname[8];
+ char debugfsname[16];
size_t size;
if (info->n_alarm > PTP_MAX_ALARMS)
@@ -343,7 +343,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
}
/* Debugfs initialization */
- sprintf(debugfsname, "ptp%d", ptp->index);
+ snprintf(debugfsname, sizeof(debugfsname), "ptp%d", ptp->index);
ptp->debugfs_root = debugfs_create_dir(debugfsname, NULL);
return ptp;
--
2.42.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net-next] ptp: prevent string overflow
2023-10-18 14:20 [PATCH net-next] ptp: prevent string overflow Dan Carpenter
@ 2023-10-18 20:34 ` Przemek Kitszel
2023-10-18 21:36 ` Xabier Marquiegui
2023-10-19 23:00 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Przemek Kitszel @ 2023-10-18 20:34 UTC (permalink / raw)
To: Dan Carpenter, Xabier Marquiegui
Cc: Richard Cochran, David S. Miller, netdev, kernel-janitors
On 10/18/23 16:20, Dan Carpenter wrote:
> The ida_alloc_max() function can return up to INT_MAX so this buffer is
> not large enough. Also use snprintf() for extra safety.
>
> Fixes: 403376ddb422 ("ptp: add debugfs interface to see applied channel masks")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
> drivers/ptp/ptp_clock.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
> index 2e801cd33220..3d1b0a97301c 100644
> --- a/drivers/ptp/ptp_clock.c
> +++ b/drivers/ptp/ptp_clock.c
> @@ -220,7 +220,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
> struct ptp_clock *ptp;
> struct timestamp_event_queue *queue = NULL;
> int err = 0, index, major = MAJOR(ptp_devt);
> - char debugfsname[8];
> + char debugfsname[16];
> size_t size;
>
> if (info->n_alarm > PTP_MAX_ALARMS)
> @@ -343,7 +343,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
> }
>
> /* Debugfs initialization */
> - sprintf(debugfsname, "ptp%d", ptp->index);
> + snprintf(debugfsname, sizeof(debugfsname), "ptp%d", ptp->index);
> ptp->debugfs_root = debugfs_create_dir(debugfsname, NULL);
>
> return ptp;
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net-next] ptp: prevent string overflow
2023-10-18 14:20 [PATCH net-next] ptp: prevent string overflow Dan Carpenter
2023-10-18 20:34 ` Przemek Kitszel
@ 2023-10-18 21:36 ` Xabier Marquiegui
2023-10-19 23:00 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Xabier Marquiegui @ 2023-10-18 21:36 UTC (permalink / raw)
To: dan.carpenter; +Cc: davem, kernel-janitors, netdev, reibax, richardcochran
Nice catch Dan. Thank you very much for the fix! Looks good to me.
Cheers,
Xabier.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net-next] ptp: prevent string overflow
2023-10-18 14:20 [PATCH net-next] ptp: prevent string overflow Dan Carpenter
2023-10-18 20:34 ` Przemek Kitszel
2023-10-18 21:36 ` Xabier Marquiegui
@ 2023-10-19 23:00 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-10-19 23:00 UTC (permalink / raw)
To: Dan Carpenter; +Cc: reibax, richardcochran, davem, netdev, kernel-janitors
Hello:
This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Wed, 18 Oct 2023 17:20:11 +0300 you wrote:
> The ida_alloc_max() function can return up to INT_MAX so this buffer is
> not large enough. Also use snprintf() for extra safety.
>
> Fixes: 403376ddb422 ("ptp: add debugfs interface to see applied channel masks")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
> drivers/ptp/ptp_clock.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Here is the summary with links:
- [net-next] ptp: prevent string overflow
https://git.kernel.org/netdev/net-next/c/75a384ceda93
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-10-19 23:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-18 14:20 [PATCH net-next] ptp: prevent string overflow Dan Carpenter
2023-10-18 20:34 ` Przemek Kitszel
2023-10-18 21:36 ` Xabier Marquiegui
2023-10-19 23:00 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).