| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Feb 2024 08:44:15 +0000
From: Lee Jones <lee@...nel.org>
To: lee@...nel.org
Cc: linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org,
Finn Thain <fthain@...ux-m68k.org>,
Michael Schmitz <schmitzmic@...il.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
drew@...orado.edu,
Tnx to <Thomas_Roesch@...maus.de>,
linux-scsi@...r.kernel.org
Subject: [PATCH 03/10] scsi: NCR5380: Replace snprintf() with the safer scnprintf() variant
There is a general misunderstanding amongst engineers that {v}snprintf()
returns the length of the data *actually* encoded into the destination
array. However, as per the C99 standard {v}snprintf() really returns
the length of the data that *would have been* written if there were
enough space for it. This misunderstanding has led to buffer-overruns
in the past. It's generally considered safer to use the {v}scnprintf()
variants in their place (or even sprintf() in simple cases). So let's
do that.
Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Lee Jones <lee@...nel.org>
---
Cc: Finn Thain <fthain@...ux-m68k.org>
Cc: Michael Schmitz <schmitzmic@...il.com>
Cc: "James E.J. Bottomley" <jejb@...ux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@...cle.com>
Cc: drew@...orado.edu
Cc: Tnx to <Thomas_Roesch@...maus.de>
Cc: linux-scsi@...r.kernel.org
---
drivers/scsi/NCR5380.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c
index cea3a79d538e4..ea565e843c765 100644
--- a/drivers/scsi/NCR5380.c
+++ b/drivers/scsi/NCR5380.c
@@ -421,14 +421,14 @@ static int NCR5380_init(struct Scsi_Host *instance, int flags)
if (!hostdata->work_q)
return -ENOMEM;
- snprintf(hostdata->info, sizeof(hostdata->info),
- "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
- instance->hostt->name, instance->irq, hostdata->io_port,
- hostdata->base, instance->can_queue, instance->cmd_per_lun,
- instance->sg_tablesize, instance->this_id,
- hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
- hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
- hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
+ scnprintf(hostdata->info, sizeof(hostdata->info),
+ "%s, irq %d, io_port 0x%lx, base 0x%lx, can_queue %d, cmd_per_lun %d, sg_tablesize %d, this_id %d, flags { %s%s%s}",
+ instance->hostt->name, instance->irq, hostdata->io_port,
+ hostdata->base, instance->can_queue, instance->cmd_per_lun,
+ instance->sg_tablesize, instance->this_id,
+ hostdata->flags & FLAG_DMA_FIXUP ? "DMA_FIXUP " : "",
+ hostdata->flags & FLAG_NO_PSEUDO_DMA ? "NO_PSEUDO_DMA " : "",
+ hostdata->flags & FLAG_TOSHIBA_DELAY ? "TOSHIBA_DELAY " : "");
NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
NCR5380_write(MODE_REG, MR_BASE);
--
2.43.0.594.gd9cf4e227d-goog
Powered by blists - more mailing lists