On Mon, 2017-04-10 at 20:51 +0200, Javier González wrote:
> Convert sprintf calls to snprintf in order to make possible buffer
> overflow more obvious.
>
> Signed-off-by: Javier González <jav...@cnexlabs.com>
> ---
> drivers/lightnvm/core.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/lightnvm/core.c b/drivers/lightnvm/core.c
> index c3340ef..bdbb333 100644
> --- a/drivers/lightnvm/core.c
> +++ b/drivers/lightnvm/core.c
> @@ -272,7 +272,8 @@ static int nvm_create_tgt(struct nvm_dev *dev, struct
> nvm_ioctl_create *create)
> goto err_disk;
> blk_queue_make_request(tqueue, tt->make_rq);
>
> - sprintf(tdisk->disk_name, "%s", create->tgtname);
> + snprintf(tdisk->disk_name, sizeof(tdisk->disk_name), "%s",
> + create->tgtname);
> tdisk->flags = GENHD_FL_EXT_DEVT;
> tdisk->major = 0;
> tdisk->first_minor = 0;
> @@ -1195,13 +1196,13 @@ static long nvm_ioctl_get_devices(struct file *file,
> void __user *arg)
> list_for_each_entry(dev, &nvm_devices, devices) {
> struct nvm_ioctl_device_info *info = &devices->info[i];
>
> - sprintf(info->devname, "%s", dev->name);
> + snprintf(info->devname, sizeof(info->devname), "%s", dev->name);
>
> /* kept for compatibility */
> info->bmversion[0] = 1;
> info->bmversion[1] = 0;
> info->bmversion[2] = 0;
> - sprintf(info->bmname, "%s", "gennvm");
> + snprintf(info->bmname, sizeof(info->bmname), "%s", "gennvm");
> i++;
>
> if (i > 31) {
Hello Javier,
Although the above changes look fine to me, have you considered to use strlcpy()
instead of snprintf() for these string copy operations?
Bart.
