From patchwork Thu Jan 27 16:16:45 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jitendra Lanka
X-Patchwork-Id: 1585171
From: Jitendra Lanka
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F:linux-bluefield][PATCH v2 1/1] UBUNTU: SAUCE: Fix references to sprintf that may cause buffer overflow
Date: Thu, 27 Jan 2022 11:16:45 -0500
Message-Id: <53d90feb25aaa6021dd3ce9450bb39f3fdae8285.1643294545.git.jlanka@nvidia.com>
Cc: meriton@nvidia.com, khoav@nvidia.com

BugLink: https://bugs.launchpad.net/bugs/1959119

Replace sprintf with snprintf containing a defined boundary of PAGE_SIZE for sysfs store/show functions and max array size defined otherwise.

Signed-off-by: Jitendra Lanka
---
 drivers/platform/mellanox/mlxbf-pmc.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/drivers/platform/mellanox/mlxbf-pmc.c b/drivers/platform/mellanox/mlxbf-pmc.c index 493d72a53ee4..f1c6af2a9213 100644 --- a/drivers/platform/mellanox/mlxbf-pmc.c +++ b/drivers/platform/mellanox/mlxbf-pmc.c @@ -681,7 +681,7 @@ static ssize_t mlxbf_counter_read(struct kobject *ko, } else return -EINVAL; - return sprintf(buf, "0x%llx\n", value); + return snprintf(buf, PAGE_SIZE, "0x%llx\n", value); } /* Store function for "counter" sysfs files */ @@ -758,7 +758,7 @@ static ssize_t mlxbf_event_find(struct kobject *ko, evt_name = mlxbf_pmc_get_event_name((char *)ko->name, evt_num); - return sprintf(buf, "0x%llx: %s\n", evt_num, evt_name); + return snprintf(buf, PAGE_SIZE, "0x%llx: %s\n", evt_num, evt_name); } /* Store function for "event" sysfs files */ 
@@ -811,9 +811,12 @@ static ssize_t mlxbf_print_event_list(struct kobject *ko, buf[0] = '\0'; while (events[i].evt_name != NULL) { - size += sprintf(e_info, "%x: %s\n", events[i].evt_num, - events[i].evt_name); - if (size > PAGE_SIZE) + size += snprintf(e_info, + sizeof(e_info), + "%x: %s\n", + events[i].evt_num, + events[i].evt_name); + if (size >= PAGE_SIZE) break; strcat(buf, e_info); ret = size; @@ -840,7 +843,7 @@ static ssize_t mlxbf_show_counter_state(struct kobject *ko, value = FIELD_GET(MLXBF_L3C_PERF_CNT_CFG__EN, perfcnt_cfg); - return sprintf(buf, "%d\n", value); + return snprintf(buf, PAGE_SIZE, "%d\n", value); } /* Store function for "enable" sysfs files - only for l3cache */ @@ -1250,4 +1253,4 @@ module_platform_driver(pmc_driver); MODULE_AUTHOR("Mellanox Technologies"); MODULE_DESCRIPTION("Mellanox PMC driver"); MODULE_LICENSE("Dual BSD/GPL"); -MODULE_VERSION(__stringify(DRIVER_VERSION)); \ No newline at end of file +MODULE_VERSION(__stringify(DRIVER_VERSION));
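Review bot: In the mlxbf_event_find hunk (@@ -758,7 +758,7 @@), the new `return snprintf(buf, PAGE_SIZE, "0x%llx: %s\n", evt_num, evt_name);` returns the length the string would have had, not the number of bytes stored, so a long evt_name would make the show function report more than it wrote. scnprintf() returns the bytes actually placed in buf and is a drop-in replacement here; the same applies to the `return snprintf(buf, PAGE_SIZE, ...)` lines in the mlxbf_counter_read and mlxbf_show_counter_state hunks, although their short numeric formats cannot reach PAGE_SIZE. The visible context also passes evt_name to %s directly after the mlxbf_pmc_get_event_name() lookup with no check; if that lookup can return NULL for an unknown evt_num, an explicit error return would be clearer.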
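Review bot: In the mlxbf_print_event_list hunk (@@ -811,9 +811,12 @@), `size += snprintf(e_info, sizeof(e_info), ...)` adds the untruncated length of the entry, while `strcat(buf, e_info)` appends at most sizeof(e_info) - 1 bytes, so once an entry is truncated `ret = size` overstates what is in buf. Use scnprintf() for the accumulation, or compare the snprintf() return value against sizeof(e_info) and handle the truncated entry explicitly before adding it to size. The change from `>` to `>=` is correct, since it leaves room for the terminating NUL that strcat() writes.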
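Review bot: The last hunk (@@ -1250,4 +1253,4 @@) only adds the missing newline at end of file after `MODULE_VERSION(__stringify(DRIVER_VERSION));`, which is unrelated to the sprintf replacement and is not mentioned in the commit message. Mention it in the changelog or split it into its own patch so the SRU fix stays minimal.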