2005-01-14 20:40:35

by Bjorn Helgaas

[permalink] [raw]
Subject: [PATCH] prevent pci_name_bus() buffer overflows

Fix pci_name_bus() so it can't overflow caller's buffer.
Noticed by David Mosberger.

Signed-off-by: Bjorn Helgaas <[email protected]>

===== arch/ppc64/kernel/pci.c 1.62 vs edited =====
--- 1.62/arch/ppc64/kernel/pci.c 2005-01-11 17:42:39 -07:00
+++ edited/arch/ppc64/kernel/pci.c 2005-01-14 13:03:48 -07:00
@@ -301,16 +301,16 @@
EXPORT_SYMBOL(pci_domain_nr);

/* Set the name of the bus as it appears in /proc/bus/pci */
-int pci_name_bus(char *name, struct pci_bus *bus)
+int pci_name_bus(char *name, size_t size, struct pci_bus *bus)
{
#ifndef CONFIG_PPC_ISERIES
struct pci_controller *hose = pci_bus_to_host(bus);

if (hose->buid)
- sprintf(name, "%04x:%02x", pci_domain_nr(bus), bus->number);
+ snprintf(name, size, "%04x:%02x", pci_domain_nr(bus), bus->number);
else
#endif
- sprintf(name, "%02x", bus->number);
+ snprintf(name, size, "%02x", bus->number);

return 0;
}
===== arch/sparc64/kernel/pci.c 1.43 vs edited =====
--- 1.43/arch/sparc64/kernel/pci.c 2004-11-16 23:10:38 -07:00
+++ edited/arch/sparc64/kernel/pci.c 2005-01-14 13:04:09 -07:00
@@ -794,9 +794,9 @@
}
EXPORT_SYMBOL(pci_domain_nr);

-int pci_name_bus(char *name, struct pci_bus *bus)
+int pci_name_bus(char *name, size_t size, struct pci_bus *bus)
{
- sprintf(name, "%04x:%02x", pci_domain_nr(bus), bus->number);
+ snprintf(name, size, "%04x:%02x", pci_domain_nr(bus), bus->number);
return 0;
}

===== drivers/pci/proc.c 1.41 vs edited =====
--- 1.41/drivers/pci/proc.c 2004-10-06 10:44:51 -06:00
+++ edited/drivers/pci/proc.c 2005-01-14 12:58:22 -07:00
@@ -391,7 +391,7 @@
return -EACCES;

if (!(de = bus->procdir)) {
- if (pci_name_bus(name, bus))
+ if (pci_name_bus(name, sizeof(name), bus))
return -EEXIST;
de = bus->procdir = proc_mkdir(name, proc_bus_pci_dir);
if (!de)
===== include/asm-alpha/pci.h 1.23 vs edited =====
--- 1.23/include/asm-alpha/pci.h 2004-08-31 09:27:27 -06:00
+++ edited/include/asm-alpha/pci.h 2005-01-14 13:01:02 -07:00
@@ -229,14 +229,14 @@
#define pci_domain_nr(bus) ((struct pci_controller *)(bus)->sysdata)->index

static inline int
-pci_name_bus(char *name, struct pci_bus *bus)
+pci_name_bus(char *name, size_t size, struct pci_bus *bus)
{
struct pci_controller *hose = bus->sysdata;

if (likely(hose->need_domain_info == 0)) {
- sprintf(name, "%02x", bus->number);
+ snprintf(name, size, "%02x", bus->number);
} else {
- sprintf(name, "%04x:%02x", hose->index, bus->number);
+ snprintf(name, size, "%04x:%02x", hose->index, bus->number);
}
return 0;
}
===== include/asm-ia64/pci.h 1.28 vs edited =====
--- 1.28/include/asm-ia64/pci.h 2005-01-10 15:04:31 -07:00
+++ edited/include/asm-ia64/pci.h 2005-01-14 13:02:47 -07:00
@@ -121,12 +121,12 @@

extern struct pci_ops pci_root_ops;

-static inline int pci_name_bus(char *name, struct pci_bus *bus)
+static inline int pci_name_bus(char *name, size_t size, struct pci_bus *bus)
{
if (pci_domain_nr(bus) == 0) {
- sprintf(name, "%02x", bus->number);
+ snprintf(name, size, "%02x", bus->number);
} else {
- sprintf(name, "%04x:%02x", pci_domain_nr(bus), bus->number);
+ snprintf(name, size, "%04x:%02x", pci_domain_nr(bus), bus->number);
}
return 0;
}
===== include/asm-mips/pci.h 1.19 vs edited =====
--- 1.19/include/asm-mips/pci.h 2004-11-29 06:11:43 -07:00
+++ edited/include/asm-mips/pci.h 2005-01-14 13:02:37 -07:00
@@ -138,14 +138,14 @@
#define pci_domain_nr(bus) ((struct pci_controller *)(bus)->sysdata)->index

static inline int
-pci_name_bus(char *name, struct pci_bus *bus)
+pci_name_bus(char *name, size_t size, struct pci_bus *bus)
{
struct pci_controller *hose = bus->sysdata;

if (likely(hose->need_domain_info == 0)) {
- sprintf(name, "%02x", bus->number);
+ snprintf(name, size, "%02x", bus->number);
} else {
- sprintf(name, "%04x:%02x", hose->index, bus->number);
+ snprintf(name, size, "%04x:%02x", hose->index, bus->number);
}
return 0;
}
===== include/asm-ppc/pci.h 1.29 vs edited =====
--- 1.29/include/asm-ppc/pci.h 2004-05-31 17:44:01 -06:00
+++ edited/include/asm-ppc/pci.h 2005-01-14 13:02:27 -07:00
@@ -79,9 +79,9 @@
#define pci_domain_nr(bus) ((struct pci_controller *)(bus)->sysdata)->index

/* Set the name of the bus as it appears in /proc/bus/pci */
-static inline int pci_name_bus(char *name, struct pci_bus *bus)
+static inline int pci_name_bus(char *name, size_t size, struct pci_bus *bus)
{
- sprintf(name, "%02x", bus->number);
+ snprintf(name, size, "%02x", bus->number);
return 0;
}

===== include/asm-ppc64/pci.h 1.26 vs edited =====
--- 1.26/include/asm-ppc64/pci.h 2004-10-25 20:18:38 -06:00
+++ edited/include/asm-ppc64/pci.h 2005-01-14 13:00:10 -07:00
@@ -191,7 +191,7 @@
extern int pci_domain_nr(struct pci_bus *bus);

/* Set the name of the bus as it appears in /proc/bus/pci */
-extern int pci_name_bus(char *name, struct pci_bus *bus);
+extern int pci_name_bus(char *name, size_t size, struct pci_bus *bus);

struct vm_area_struct;
/* Map a range of PCI memory or I/O space for a device into user space */
===== include/asm-sparc64/pci.h 1.23 vs edited =====
--- 1.23/include/asm-sparc64/pci.h 2004-10-31 19:27:13 -07:00
+++ edited/include/asm-sparc64/pci.h 2005-01-14 13:00:26 -07:00
@@ -223,7 +223,7 @@
/* Return the index of the PCI controller for device PDEV. */

extern int pci_domain_nr(struct pci_bus *bus);
-extern int pci_name_bus(char *name, struct pci_bus *bus);
+extern int pci_name_bus(char *name, size_t size, struct pci_bus *bus);

/* Platform support for /proc/bus/pci/X/Y mmap()s. */

===== include/linux/pci.h 1.147 vs edited =====
--- 1.147/include/linux/pci.h 2005-01-10 12:28:15 -07:00
+++ edited/include/linux/pci.h 2005-01-14 13:03:21 -07:00
@@ -966,9 +966,9 @@
*/
#ifndef CONFIG_PCI_DOMAINS
static inline int pci_domain_nr(struct pci_bus *bus) { return 0; }
-static inline int pci_name_bus(char *name, struct pci_bus *bus)
+static inline int pci_name_bus(char *name, size_t size, struct pci_bus *bus)
{
- sprintf(name, "%02x", bus->number);
+ snprintf(name, size, "%02x", bus->number);
return 0;
}
#endif