Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp1631778pxv;
        Sat, 10 Jul 2021 10:05:40 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyS2Okmk19LEIr6fypKV7z1NdFt70AcsZxgCL+PqvgSTsF4lbgyhAlB897xAmZx8QOkpxyr
X-Received: by 2002:a5e:970a:: with SMTP id w10mr31791488ioj.46.1625936740210;
        Sat, 10 Jul 2021 10:05:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1625936740; cv=none;
        d=google.com; s=arc-20160816;
        b=V5fk+c5q6N6KAFf20a9d8Svdb4X7eiQjRZWVL6MJ++QrtO+FftpxsnqfIZehdO2Xi8
         mxpdVq7Yt5aDr7G3dwqg4/J9Qz9ueAQ3Cpj25nj4oBog8Dhb0tdx8hSwjTCQYZ23hSEh
         bBf/hjsnvmf5KzBfC8WF2916sDyBwdfmTqVvHOLSiSFfxsj2H/unCOB9J3oCN4gBmwSY
         UOsyrOF1Db3BJFbNk6qGxsZFrSdvfErLUPcSDWzyy6XbvQV9Vm2MQJmQbwitBNMjnd3S
         7Nk217w0sram4am/w3e6XNZvG8RgZU8XBmUHMdxFSjszAz0nVMwNGZG8inv8Kg9EGXYh
         Q+wQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id;
        bh=HR5Phxv62CNjsdghVceL+RAQ40feHTGOyJZL53lK4xY=;
        b=GrJl0UixDJaak0TFgtd+2ek/h0yLlrl5RqOJzHCZMwxTCMDiybIT9afHbjsx7zdWMr
         2IUthzeT/fiLq8hmRlptWc7pZoSTLhkCcijAudxuzDjYTK8PbqqowKKAXc9+Ed2y/i9y
         JNMHIFtDuemhq11BJfSjvDs89IDncIUqkxZmJ/5ymNHch/BP8C8DMYH4Bqca4SSLH6Is
         WPaJPsc273FkoHq89dJoT4UgJyiVqbWh3n/c5Z2NU+JJ1fS96E1DmRAaP5C9o2jjbu4C
         uryakW+wy9SUZz0lgMhWI83wOh6PtARcRK/W1n+au9hT0/LF9mgkt+0pcyCZimmFb+K5
         RI4g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id u12si11217004ilm.144.2021.07.10.10.05.24;
        Sat, 10 Jul 2021 10:05:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229791AbhGJRHh (ORCPT <rfc822;maloy021189ju@gmail.com>
        + 99 others); Sat, 10 Jul 2021 13:07:37 -0400
Received: from smtprelay0137.hostedemail.com ([216.40.44.137]:36890 "EHLO
        smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S229490AbhGJRHh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 10 Jul 2021 13:07:37 -0400
Received: from omf06.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60])
        by smtprelay03.hostedemail.com (Postfix) with ESMTP id 3AF3E837F253;
        Sat, 10 Jul 2021 17:04:51 +0000 (UTC)
Received: from [HIDDEN] (Authenticated sender: joe@perches.com) by omf06.hostedemail.com (Postfix) with ESMTPA id 3852D2448BF;
        Sat, 10 Jul 2021 17:04:50 +0000 (UTC)
Message-ID: <10621e048f62018432c42a3fccc1a5fd9a6d71d7.camel@perches.com>
Subject: Re: [PATCH] dax: replace sprintf() by scnprintf()
From:   Joe Perches <joe@perches.com>
To:     Salah Triki <salah.triki@gmail.com>, dan.j.williams@intel.com,
        vishal.l.verma@intel.com, dave.jiang@intel.com
Cc:     nvdimm@lists.linux.dev, linux-kernel@vger.kernel.org
Date:   Sat, 10 Jul 2021 10:04:48 -0700
In-Reply-To: <20210710164615.GA690067@pc>
References: <20210710164615.GA690067@pc>
Content-Type: text/plain; charset="ISO-8859-1"
User-Agent: Evolution 3.40.0-1 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=1.60
X-Rspamd-Server: rspamout04
X-Rspamd-Queue-Id: 3852D2448BF
X-Stat-Signature: r9mp75uipcc9qgr86rf8isradagw5869
X-Session-Marker: 6A6F6540706572636865732E636F6D
X-Session-ID: U2FsdGVkX19qjiJ4bEM3l7ZhvAJzq+B4x7oGaQz405Y=
X-HE-Tag: 1625936690-706479
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, 2021-07-10 at 17:46 +0100, Salah Triki wrote:
> Replace sprintf() by scnprintf() in order to avoid buffer overflows.

OK but also not strictly necessary.  DAX_NAME_LEN is 30.

Are you finding and changing these manually or with a script?

> diff --git a/drivers/dax/bus.c b/drivers/dax/bus.c
[]
> @@ -76,7 +76,7 @@ static ssize_t do_id_store(struct device_driver *drv, const char *buf,
> ?	fields = sscanf(buf, "dax%d.%d", &region_id, &id);
> ?	if (fields != 2)
> ?		return -EINVAL;
> -	sprintf(devname, "dax%d.%d", region_id, id);
> +	scnprintf(devname, DAX_NAME_LEN, "dax%d.%d", region_id, id);
> ?	if (!sysfs_streq(buf, devname))
> ?		return -EINVAL;
> ?
>