From patchwork Tue Mar 8 20:40:52 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rasmus Villemoes X-Patchwork-Id: 594329 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id BCFB214032B for ; Wed, 9 Mar 2016 07:42:17 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=rasmusvillemoes.dk header.i=@rasmusvillemoes.dk header.b=DuPp53vQ; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751858AbcCHUl2 (ORCPT ); Tue, 8 Mar 2016 15:41:28 -0500 Received: from mail-wm0-f48.google.com ([74.125.82.48]:38052 "EHLO mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751708AbcCHUlK (ORCPT ); Tue, 8 Mar 2016 15:41:10 -0500 Received: by mail-wm0-f48.google.com with SMTP id l68so44047840wml.1 for ; Tue, 08 Mar 2016 12:41:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rasmusvillemoes.dk; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=eidIzv4zp3mC23I0LXiaY27wZasGxBoCZnSWypgKjV8=; b=DuPp53vQ7JyPmFEb9D4k85drGsfLAh1jTuA/N4kvqaTEuZKEVg7WSKHSbeOoKu8QT2 hg4fD+amf//UgSxRWvm/wItE5S8Z1DY9GskQoQBHdwDHB2J9C1S2us3WMrGU8VZo4MDb pBJKs4LW7fNA7JWW1fR/+wYGC9cju/s9TxZ1E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=eidIzv4zp3mC23I0LXiaY27wZasGxBoCZnSWypgKjV8=; b=a6mDWrjZpb44d0lzygmgmZjRXfksOlo0nTwXQOU/UhPOxfqcQlUQijD4eKUXdTD/+u CnsHgSDOn5mWvSGAZ0CfnR3zUbHe/P7G9ND52aSZvMQERKnKCvkFTDh7rqEFLyo6j3Kt XMqUw/DTVt9h5Y/tSQPA57al4FgipxOwImQMfQfx3fhaQ2OlCnOq8SEBjizf8B/SRq6K U3V0k21/2pxSn/zQNdnDEQy+VSUNgzaMVc7xGV4lFrkptsHl7p9FDiPdsmtOxUDEKp4c 6iXmCiLKSWPu5fNw2Mze2uHF9FOxlYnPzKYMVEuazHLDtYtRMseajuA5RAvMlTSJLHtN NC8g== X-Gm-Message-State: AD7BkJL5BtqaPZDSH1qF0fCqr1qoTZ5UXxAVNl1R4CAukWjssFs0lOULmWuoKNlX88WG7Q== X-Received: by 10.194.179.227 with SMTP id dj3mr25964400wjc.50.1457469667564; Tue, 08 Mar 2016 12:41:07 -0800 (PST) Received: from wildmoose.dk (lvps87-230-87-209.dedicated.hosteurope.de. [87.230.87.209]) by smtp.gmail.com with ESMTPSA id b203sm5088471wmh.8.2016.03.08.12.41.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 08 Mar 2016 12:41:07 -0800 (PST) From: Rasmus Villemoes To: Kees Cook , Andrew Morton , Kalle Valo Cc: Rasmus Villemoes , linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC 5/7] wlcore: avoid fragile snprintf use Date: Tue, 8 Mar 2016 21:40:52 +0100 Message-Id: <1457469654-17059-6-git-send-email-linux@rasmusvillemoes.dk> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1457469654-17059-1-git-send-email-linux@rasmusvillemoes.dk> References: <1457469654-17059-1-git-send-email-linux@rasmusvillemoes.dk> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Appending to a buffer like this is not guaranteed to work (passing overlapping src and dst buffers to snprintf is undefined behaviour). The standard and safe idiom is to keep track of the current string length. Signed-off-by: Rasmus Villemoes --- drivers/net/wireless/ti/wlcore/boot.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/ti/wlcore/boot.c b/drivers/net/wireless/ti/wlcore/boot.c index 19b7ec7b69c2..401d75c02bf4 100644 --- a/drivers/net/wireless/ti/wlcore/boot.c +++ b/drivers/net/wireless/ti/wlcore/boot.c @@ -86,7 +86,7 @@ static int wlcore_validate_fw_ver(struct wl1271 *wl) unsigned int *min_ver = (wl->fw_type == WL12XX_FW_TYPE_MULTI) ? wl->min_mr_fw_ver : wl->min_sr_fw_ver; char min_fw_str[32] = ""; - int i; + int i, len; /* the chip must be exactly equal */ if ((min_ver[FW_VER_CHIP] != WLCORE_FW_VER_IGNORE) && @@ -119,13 +119,15 @@ static int wlcore_validate_fw_ver(struct wl1271 *wl) return 0; fail: + len = 0; for (i = 0; i < NUM_FW_VER; i++) if (min_ver[i] == WLCORE_FW_VER_IGNORE) - snprintf(min_fw_str, sizeof(min_fw_str), - "%s*.", min_fw_str); + len += scnprintf(min_fw_str + len, + sizeof(min_fw_str) - len, "*."); else - snprintf(min_fw_str, sizeof(min_fw_str), - "%s%u.", min_fw_str, min_ver[i]); + len += scnprintf(min_fw_str + len, + sizeof(min_fw_str) - len, + "%u.", min_ver[i]); wl1271_error("Your WiFi FW version (%u.%u.%u.%u.%u) is invalid.\n" "Please use at least FW %s\n"