Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753555AbdDJS4M (ORCPT <rfc822;w@1wt.eu>);
        Mon, 10 Apr 2017 14:56:12 -0400
Received: from esa1.hgst.iphmx.com ([68.232.141.245]:20944 "EHLO
        esa1.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752208AbdDJS4J (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 Apr 2017 14:56:09 -0400
X-IronPort-AV: E=Sophos;i="5.37,182,1488816000"; 
   d="scan'208";a="111952229"
From: Bart Van Assche <Bart.VanAssche@sandisk.com>
To: "mb@lightnvm.io" <mb@lightnvm.io>, "jg@lightnvm.io" <jg@lightnvm.io>
CC: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
        "javier@cnexlabs.com" <javier@cnexlabs.com>
Subject: Re: [PATCH 1/3] lightnvm: convert sprintf into snprintf
Thread-Topic: [PATCH 1/3] lightnvm: convert sprintf into snprintf
Thread-Index: AQHSsiuN/ze60yt8f0aMXFO2n7YZc6G+89+A
Date: Mon, 10 Apr 2017 18:56:06 +0000
Message-ID: <1491850565.4199.19.camel@sandisk.com>
References: <1491850297-18235-1-git-send-email-javier@cnexlabs.com>
In-Reply-To: <1491850297-18235-1-git-send-email-javier@cnexlabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: lightnvm.io; dkim=none (message not signed)
 header.d=none;lightnvm.io; dmarc=none action=none header.from=sandisk.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [63.163.107.100]
x-microsoft-exchange-diagnostics: 1;CY1PR0401MB1535;7:x4CNXaRZt+y/vYjca+LSxlP4L0U1m2ifcp2xPKT+tP7rsx/UPlPd8s+hF81wp/nn7cspYdlnOQ4TFRuEX5SVGejiN2Iye5IHXc8F8mK/W8mIyTFy7zALh3q8YRS+ZgUvar3UJLNp19aM0SBecBRjsYdRDirvIx6eaAGx+bTt1N9eZd8CiMkYQcg+uHA0/yWoUa8Hy+chHtkfICqpZIHYgXYroWtCRY6KctRuPFl8z5/a5/h4TG7jx1hurAbfnj91YeOftVe4LzzX7ic0sXV1E1jObrZR+j/xM8h4kShfNxZeobXcqzb7g4Rpo8pN30qoyfpV1C3qhVrhI6FoZiIGeA==;20:FtyJUSGJfGCx9NylfAvCXEDAYB6heok6YnjCnW4aZLQ2xQuDiAAGInIyxw9YNvWldmbNc/dmnv+s8QHZEsEKVnhlgvCw5ahNGSt8vScGLOEdA/hJbReXtyh9byqfSSNLxXQ2b/3m8oke+iE6C1TbQv4J7ybf23nEgj786DAmv8A=
x-ms-office365-filtering-correlation-id: 3973db62-d38b-4060-8c90-08d480433ebb
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081);SRVR:CY1PR0401MB1535;
wdcipoutbound: EOP-TRUE
x-microsoft-antispam-prvs: <CY1PR0401MB153585A008E9E75F2D9570D881010@CY1PR0401MB1535.namprd04.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6055026)(6041248)(20161123564025)(20161123560025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(6072148);SRVR:CY1PR0401MB1535;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0401MB1535;
x-forefront-prvs: 027367F73D
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(6009001)(39410400002)(39400400002)(39850400002)(39840400002)(39860400002)(39450400003)(377424004)(24454002)(305945005)(8936002)(6436002)(86362001)(53936002)(81166006)(99286003)(102836003)(7736002)(6116002)(76176999)(6486002)(8676002)(77096006)(3846002)(36756003)(50986999)(54356999)(54906002)(6506006)(6512007)(189998001)(33646002)(3660700001)(66066001)(2950100002)(25786009)(5660300001)(2906002)(122556002)(2900100001)(38730400002)(4326008)(103116003)(3280700002)(229853002);DIR:OUT;SFP:1102;SCL:1;SRVR:CY1PR0401MB1535;H:CY1PR0401MB1536.namprd04.prod.outlook.com;FPR:;SPF:None;MLV:sfv;LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <505958A85B25DC4485495923CB289A6C@namprd04.prod.outlook.com>
MIME-Version: 1.0
X-OriginatorOrg: sandisk.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Apr 2017 18:56:06.8319
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b61c8803-16f3-4c35-9b17-6f65f441df86
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0401MB1535
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by mail.home.local id v3AIuGWt031060
Content-Length: 1639
Lines: 46

On Mon, 2017-04-10 at 20:51 +0200, Javier Gonz?lez wrote:
> Convert sprintf calls to snprintf in order to make possible buffer
> overflow more obvious.
> 
> Signed-off-by: Javier Gonz?lez <javier@cnexlabs.com>
> ---
>  drivers/lightnvm/core.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/lightnvm/core.c b/drivers/lightnvm/core.c
> index c3340ef..bdbb333 100644
> --- a/drivers/lightnvm/core.c
> +++ b/drivers/lightnvm/core.c
> @@ -272,7 +272,8 @@ static int nvm_create_tgt(struct nvm_dev *dev, struct nvm_ioctl_create *create)
>  		goto err_disk;
>  	blk_queue_make_request(tqueue, tt->make_rq);
>  
> -	sprintf(tdisk->disk_name, "%s", create->tgtname);
> +	snprintf(tdisk->disk_name, sizeof(tdisk->disk_name), "%s",
> +							create->tgtname);
>  	tdisk->flags = GENHD_FL_EXT_DEVT;
>  	tdisk->major = 0;
>  	tdisk->first_minor = 0;
> @@ -1195,13 +1196,13 @@ static long nvm_ioctl_get_devices(struct file *file, void __user *arg)
>  	list_for_each_entry(dev, &nvm_devices, devices) {
>  		struct nvm_ioctl_device_info *info = &devices->info[i];
>  
> -		sprintf(info->devname, "%s", dev->name);
> +		snprintf(info->devname, sizeof(info->devname), "%s", dev->name);
>  
>  		/* kept for compatibility */
>  		info->bmversion[0] = 1;
>  		info->bmversion[1] = 0;
>  		info->bmversion[2] = 0;
> -		sprintf(info->bmname, "%s", "gennvm");
> +		snprintf(info->bmname, sizeof(info->bmname), "%s", "gennvm");
>  		i++;
>  
>  		if (i > 31) {

Hello Javier,

Although the above changes look fine to me, have you considered to use strlcpy()
instead of snprintf() for these string copy operations?

Bart.