Date: Thu, 1 Jul 2021 00:42:48 +0200
From: Samuel Thibault
To: gregkh@linuxfoundation.org
Cc: linux-kernel@vger.kernel.org, Salah Triki, w.d.hubbs@gmail.com, chris@the-brannons.com, kirk@reisers.ca, speakup@linux-speakup.org
Subject: [PATCH] speakup: replace sprintf() by scnprintf()
Message-ID: <20210630224248.2iq6o6krecx4cz5j@begin>

Replace sprintf() by scnprintf() in order to avoid buffer overflows.

Signed-off-by: Salah Triki
Signed-off-by: Samuel Thibault
--- drivers/accessibility/speakup/speakup_soft.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/accessibility/speakup/speakup_soft.c b/drivers/accessibility/speakup/speakup_soft.c index c3f97c572fb6..19824e7006fe 100644 --- a/drivers/accessibility/speakup/speakup_soft.c +++ b/drivers/accessibility/speakup/speakup_soft.c
@@ -153,18 +153,25 @@ static char *get_initstring(void) static char buf[40]; char *cp; struct var_t *var; + size_t len; + size_t n; memset(buf, 0, sizeof(buf)); cp = buf; + len = sizeof(buf); + var = synth_soft.vars; while (var->var_id != MAXVARS) { if (var->var_id != CAPS_START && var->var_id != CAPS_STOP && - var->var_id != PAUSE && var->var_id != DIRECT) - cp = cp + sprintf(cp, var->u.n.synth_fmt, - var->u.n.value); + var->var_id != PAUSE && var->var_id != DIRECT) { + n = scnprintf(cp, len, var->u.n.synth_fmt, + var->u.n.value); + cp = cp + n; + len = len - n; + } var++; } - cp = cp + sprintf(cp, "\n"); + cp = cp + scnprintf(cp, len, "\n"); return buf; } -- 2.25.1
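Review bot: The final `scnprintf(cp, len, "\n")` can silently write nothing: once the loop has filled `buf[40]`, `len` is down to 1, scnprintf() stores only the terminating NUL and returns 0, so the returned string is truncated and lacks its trailing newline. Consider reserving that byte up front (run the loop with `len = sizeof(buf) - 1` and pass `len + 1` to the last call) or warning when a format did not fit, and state in the commit message which behaviour is intended on truncation. The `cp = cp +` on that last line is also a dead store, since only `buf` is returned, and `n` could be declared `int` to match scnprintf()'s return type.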