> On 10 Apr 2017, at 20.56, Bart Van Assche <bart.vanass...@sandisk.com> wrote:
>
> On Mon, 2017-04-10 at 20:51 +0200, Javier González wrote:
>> Convert sprintf calls to snprintf in order to make possible buffer
>> overflow more obvious.
>>
>> Signed-off-by: Javier González <jav...@cnexlabs.com>
>> ---
>> drivers/lightnvm/core.c | 7 ++++---
>> 1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/lightnvm/core.c b/drivers/lightnvm/core.c
>> index c3340ef..bdbb333 100644
>> --- a/drivers/lightnvm/core.c
>> +++ b/drivers/lightnvm/core.c
>> @@ -272,7 +272,8 @@ static int nvm_create_tgt(struct nvm_dev *dev, struct
>> nvm_ioctl_create *create)
>> goto err_disk;
>> blk_queue_make_request(tqueue, tt->make_rq);
>>
>> - sprintf(tdisk->disk_name, "%s", create->tgtname);
>> + snprintf(tdisk->disk_name, sizeof(tdisk->disk_name), "%s",
>> + create->tgtname);
>> tdisk->flags = GENHD_FL_EXT_DEVT;
>> tdisk->major = 0;
>> tdisk->first_minor = 0;
>> @@ -1195,13 +1196,13 @@ static long nvm_ioctl_get_devices(struct file *file,
>> void __user *arg)
>> list_for_each_entry(dev, &nvm_devices, devices) {
>> struct nvm_ioctl_device_info *info = &devices->info[i];
>>
>> - sprintf(info->devname, "%s", dev->name);
>> + snprintf(info->devname, sizeof(info->devname), "%s", dev->name);
>>
>> /* kept for compatibility */
>> info->bmversion[0] = 1;
>> info->bmversion[1] = 0;
>> info->bmversion[2] = 0;
>> - sprintf(info->bmname, "%s", "gennvm");
>> + snprintf(info->bmname, sizeof(info->bmname), "%s", "gennvm");
>> i++;
>>
>> if (i > 31) {
>
> Hello Javier,
>
> Although the above changes look fine to me, have you considered to use
> strlcpy()
> instead of snprintf() for these string copy operations?You're right. It is a better way of doing it. Thanks! > > Bart. Javier
signature.asc
Description: Message signed with OpenPGP
