redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity

net: mlx4: Use scnprintf() for avoiding potential buffer overflow

Browse source 
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Cc: "David S . Miller" <davem@davemloft.net>
Cc: Tariq Toukan <tariqt@mellanox.com>
To: netdev@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Takashi Iwai 2020-03-15 10:34:59 +01:00 committed by David S. Miller
parent 13bde56c5b
commit 4a348601eb
1 changed files with 31 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
drivers/net/ethernet/mellanox/mlx4/mcg.c
View file

@ -906,59 +906,59 @@ static void mlx4_err_rule(struct mlx4_dev *dev, char *str,
int len = 0;
mlx4_err(dev, "%s", str);
len += snprintf(buf + len, BUF_SIZE - len,
"port = %d prio = 0x%x qp = 0x%x ",
rule->port, rule->priority, rule->qpn);
len += scnprintf(buf + len, BUF_SIZE - len,
"port = %d prio = 0x%x qp = 0x%x ",
rule->port, rule->priority, rule->qpn);
list_for_each_entry(cur, &rule->list, list) {
switch (cur->id) {
case MLX4_NET_TRANS_RULE_ID_ETH:
len += snprintf(buf + len, BUF_SIZE - len,
"dmac = %pM ", &cur->eth.dst_mac);
len += scnprintf(buf + len, BUF_SIZE - len,
"dmac = %pM ", &cur->eth.dst_mac);
if (cur->eth.ether_type)
len += snprintf(buf + len, BUF_SIZE - len,
"ethertype = 0x%x ",
be16_to_cpu(cur->eth.ether_type));
len += scnprintf(buf + len, BUF_SIZE - len,
"ethertype = 0x%x ",
be16_to_cpu(cur->eth.ether_type));
if (cur->eth.vlan_id)
len += snprintf(buf + len, BUF_SIZE - len,
"vlan-id = %d ",
be16_to_cpu(cur->eth.vlan_id));
len += scnprintf(buf + len, BUF_SIZE - len,
"vlan-id = %d ",
be16_to_cpu(cur->eth.vlan_id));
break;
case MLX4_NET_TRANS_RULE_ID_IPV4:
if (cur->ipv4.src_ip)
len += snprintf(buf + len, BUF_SIZE - len,
"src-ip = %pI4 ",
&cur->ipv4.src_ip);
len += scnprintf(buf + len, BUF_SIZE - len,
"src-ip = %pI4 ",
&cur->ipv4.src_ip);
if (cur->ipv4.dst_ip)
len += snprintf(buf + len, BUF_SIZE - len,
"dst-ip = %pI4 ",
&cur->ipv4.dst_ip);
len += scnprintf(buf + len, BUF_SIZE - len,
"dst-ip = %pI4 ",
&cur->ipv4.dst_ip);
break;
case MLX4_NET_TRANS_RULE_ID_TCP:
case MLX4_NET_TRANS_RULE_ID_UDP:
if (cur->tcp_udp.src_port)
len += snprintf(buf + len, BUF_SIZE - len,
"src-port = %d ",
be16_to_cpu(cur->tcp_udp.src_port));
len += scnprintf(buf + len, BUF_SIZE - len,
"src-port = %d ",
be16_to_cpu(cur->tcp_udp.src_port));
if (cur->tcp_udp.dst_port)
len += snprintf(buf + len, BUF_SIZE - len,
"dst-port = %d ",
be16_to_cpu(cur->tcp_udp.dst_port));
len += scnprintf(buf + len, BUF_SIZE - len,
"dst-port = %d ",
be16_to_cpu(cur->tcp_udp.dst_port));
break;
case MLX4_NET_TRANS_RULE_ID_IB:
len += snprintf(buf + len, BUF_SIZE - len,
"dst-gid = %pI6\n", cur->ib.dst_gid);
len += snprintf(buf + len, BUF_SIZE - len,
"dst-gid-mask = %pI6\n",
cur->ib.dst_gid_msk);
len += scnprintf(buf + len, BUF_SIZE - len,
"dst-gid = %pI6\n", cur->ib.dst_gid);
len += scnprintf(buf + len, BUF_SIZE - len,
"dst-gid-mask = %pI6\n",
cur->ib.dst_gid_msk);
break;
case MLX4_NET_TRANS_RULE_ID_VXLAN:
len += snprintf(buf + len, BUF_SIZE - len,
"VNID = %d ", be32_to_cpu(cur->vxlan.vni));
len += scnprintf(buf + len, BUF_SIZE - len,
"VNID = %d ", be32_to_cpu(cur->vxlan.vni));
break;
case MLX4_NET_TRANS_RULE_ID_IPV6:
break;
@ -967,7 +967,7 @@ static void mlx4_err_rule(struct mlx4_dev *dev, char *str,
break;
}
}
len += snprintf(buf + len, BUF_SIZE - len, "\n");
len += scnprintf(buf + len, BUF_SIZE - len, "\n");
mlx4_err(dev, "%s", buf);
if (len >= BUF_SIZE)