Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966519AbbDXL0Q (ORCPT ); Fri, 24 Apr 2015 07:26:16 -0400 Received: from userp1040.oracle.com ([156.151.31.81]:29110 "EHLO userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755038AbbDXL0L (ORCPT ); Fri, 24 Apr 2015 07:26:11 -0400 Date: Fri, 24 Apr 2015 14:25:49 +0300 From: Dan Carpenter To: "DHANAPAL, GNANACHANDRAN (G.)" Cc: "gregkh@linuxfoundation.org" , "devel@driverdev.osuosl.org" , "Babu, Viswanathan (V.)" , "lidza.louina@gmail.com" , "driverdev-devel@linuxdriverproject.org" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH] Staging: dgnc: Replace snprintf instead of sprintf Message-ID: <20150424112549.GN14154@mwanda> References: <20150424112413.GA13642@visteon-gnana> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150424112413.GA13642@visteon-gnana> User-Agent: Mutt/1.5.21 (2010-09-15) X-Source-IP: userv0022.oracle.com [156.151.31.74] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1217 Lines: 30 On Fri, Apr 24, 2015 at 11:22:24AM +0000, DHANAPAL, GNANACHANDRAN (G.) wrote: > This patch replaces snprintf instead of sprintf to avoid buffer overflow > > Signed-off-by: Gnanachandran Dhanapal > --- > drivers/staging/dgnc/dgnc_mgmt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/dgnc/dgnc_mgmt.c b/drivers/staging/dgnc/dgnc_mgmt.c > index b13318a..aa20a66 100644 > --- a/drivers/staging/dgnc/dgnc_mgmt.c > +++ b/drivers/staging/dgnc/dgnc_mgmt.c > @@ -116,7 +116,7 @@ long dgnc_mgmt_ioctl(struct file *file, unsigned int cmd, unsigned long arg) > spin_lock_irqsave(&dgnc_global_lock, flags); > > ddi.dinfo_nboards = dgnc_NumBoards; > - sprintf(ddi.dinfo_version, "%s", DG_PART); > + snprintf(ddi.dinfo_version, strlen(DG_PART)+1, "%s", DG_PART); This change makes no sense. If the original had memory corruption then the new code has memory corruption as well. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/