From 505c9d27b804f2b1e1e6432a89876df197432bbe Mon Sep 17 00:00:00 2001 From: Johan Hovold Date: Tue, 1 Sep 2015 12:25:27 +0200 Subject: [PATCH] greybus: interface: fix potential attribute-buffer overflow Use scnprintf in the generic attribute helper, which does not currently check for buffer overflow. The attribute helper is used to print generic strings, which could potentially overflow the buffer. Note that the only strings currently exported are taken from greybus string descriptors and should therefore be limited to 255 chars. Signed-off-by: Johan Hovold Reviewed-by: Viresh Kumar Reviewed-by: Bryan O'Donoghue --- drivers/staging/greybus/interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/greybus/interface.c b/drivers/staging/greybus/interface.c index c5211a313d34..0c3613e16d57 100644 --- a/drivers/staging/greybus/interface.c +++ b/drivers/staging/greybus/interface.c @@ -16,7 +16,7 @@ static ssize_t field##_show(struct device *dev, \ char *buf) \ { \ struct gb_interface *intf = to_gb_interface(dev); \ - return sprintf(buf, "%"#type"\n", intf->field); \ + return scnprintf(buf, PAGE_SIZE, "%"#type"\n", intf->field); \ } \ static DEVICE_ATTR_RO(field) -- 2.20.1