Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 53f91dc1f76922375ad7957ef29f48986722532d

Authored by Changli Gao
Committed by David S. Miller
1 parent 145ce502e4
Exists in master and in 7 other branches imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

net: use scnprintf() to avoid potential buffer overflow 

strlcpy() returns the total length of the string they tried to create, so
we should not use its return value without any check. scnprintf() returns
the number of characters written into @buf not including the trailing '\0',
so use it instead here.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 3 additions and 3 deletions Side-by-side Diff

... ... @@ -367,7 +367,7 @@
367 367 EXPORT_SYMBOL(alloc_etherdev_mq);
368 368  
369 369 static size_t _format_mac_addr(char *buf, int buflen,
370   - const unsigned char *addr, int len)
  370 + const unsigned char *addr, int len)
371 371 {
372 372 int i;
373 373 char *cp = buf;
... ... @@ -376,7 +376,7 @@
376 376 cp += scnprintf(cp, buflen - (cp - buf), "%02x", addr[i]);
377 377 if (i == len - 1)
378 378 break;
379   - cp += strlcpy(cp, ":", buflen - (cp - buf));
  379 + cp += scnprintf(cp, buflen - (cp - buf), ":");
380 380 }
381 381 return cp - buf;
382 382 }
... ... @@ -386,7 +386,7 @@
386 386 size_t l;
387 387  
388 388 l = _format_mac_addr(buf, PAGE_SIZE, addr, len);
389   - l += strlcpy(buf + l, "\n", PAGE_SIZE - l);
  389 + l += scnprintf(buf + l, PAGE_SIZE - l, "\n");
390 390 return ((ssize_t) l);
391 391 }
392 392 EXPORT_SYMBOL(sysfs_format_mac);