Commit 81156928f8fe31621e467490b9d441c0285998c3
Committed by
Linus Torvalds
1 parent
0d54ee1c78
Exists in
master
and in
20 other branches
dell_rbu: use scnprintf() instead of less secure sprintf()
Reading 0 bytes from /sys/devices/platform/dell_rbu/image_type or /sys/devices/platform/dell_rbu/packet_size by an ordinary user causes an oops. Signed-off-by: Pavel Roskin <proski@gnu.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff
drivers/firmware/dell_rbu.c
... | ... | @@ -576,7 +576,7 @@ |
576 | 576 | { |
577 | 577 | int size = 0; |
578 | 578 | if (!pos) |
579 | - size = sprintf(buffer, "%s\n", image_type); | |
579 | + size = scnprintf(buffer, count, "%s\n", image_type); | |
580 | 580 | return size; |
581 | 581 | } |
582 | 582 | |
... | ... | @@ -648,7 +648,7 @@ |
648 | 648 | int size = 0; |
649 | 649 | if (!pos) { |
650 | 650 | spin_lock(&rbu_data.lock); |
651 | - size = sprintf(buffer, "%lu\n", rbu_data.packetsize); | |
651 | + size = scnprintf(buffer, count, "%lu\n", rbu_data.packetsize); | |
652 | 652 | spin_unlock(&rbu_data.lock); |
653 | 653 | } |
654 | 654 | return size; |