Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp322514rwb;
        Tue, 4 Oct 2022 04:42:52 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7eUQHHhgY3uiIzRXowfmZ8znkQUUWNcVT18i61LNXkT+Em9fCZBysuePIwjdnp/gPkChG5
X-Received: by 2002:a17:906:1e08:b0:73d:c724:4876 with SMTP id g8-20020a1709061e0800b0073dc7244876mr18487687ejj.62.1664883771685;
        Tue, 04 Oct 2022 04:42:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1664883771; cv=none;
        d=google.com; s=arc-20160816;
        b=efbZqfU678Q/XHq/NxV611uXbbS0IIK+WounEvUdF/Im/IZMp/RWEsSD++SzMWB7Zw
         HaT3LDjWfOu7LOF22VI9q5yGe4v5tNdg7oHStrNRPmPYFBhTVDWhlg/mnpS0+dWyVeTK
         0PtWQo1Zes4Mwcpzu6zZv0aJ6Vp7wvNpHsSCehy2XzorT2uQrCr11F8/svBB28RmtjuJ
         K8e/DZPoshxtPN69sWJzmRvqnCA3n+ztN5k001gNJwS/OGFqZWrsul+sjY11gsBps0rM
         BKKtLVpxhMYyvohuhJAFRwtfXY9rLo/palfJIVkvDX3k/hB1ziWhkbTxIpQeXFhRiUMP
         MCmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=u8fB18adYnck2C3aYsjuR/l6wiEjwRdtCR4r9ngxn40=;
        b=tXtKLYupEsTcNSaPrV5CHCajTyfYJJ1kZ/crKfjBAWXhEVjy+9FPbgJ1yDX4A0PHPU
         GLDLUj5e8lRvJTxLDrD6woX5cjqcQecLfEjDGmtEYE23FH9LqAeNCv3uyWf2WFaLMFdo
         CE0T/fwHa60sQAKST+LVRog66y6gFN9B4fKudEAgi9BTOuc2hIkw1PN/NhMOI08QMwvf
         ML21yR6nl5IGDocPPTwgrBtrOmGlf1/oLxuOApvDnX4KXI9IL5MZBKeQ2wNQNeMkK8nX
         /piXctxiF1V3y4HDfuBaP4MjVqHWHOad1baHS6NNjlBRlP6sAgr4Fw1rpz1rNGUkzO8i
         6LJQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@yandex.ru header.s=mail header.b=biLY4ENh;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id hb43-20020a170907162b00b00781bf46536bsi12484115ejc.4.2022.10.04.04.42.25;
        Tue, 04 Oct 2022 04:42:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@yandex.ru header.s=mail header.b=biLY4ENh;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229707AbiJDKvd (ORCPT <rfc822;anenbupt@gmail.com> + 99 others);
        Tue, 4 Oct 2022 06:51:33 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56288 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229729AbiJDKvH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 4 Oct 2022 06:51:07 -0400
X-Greylist: delayed 513 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 04 Oct 2022 03:50:58 PDT
Received: from forward100o.mail.yandex.net (forward100o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::600])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 033C313F87;
        Tue,  4 Oct 2022 03:50:57 -0700 (PDT)
Received: from forward100q.mail.yandex.net (forward100q.mail.yandex.net [IPv6:2a02:6b8:c0e:4b:0:640:4012:bb97])
        by forward100o.mail.yandex.net (Yandex) with ESMTP id BB33452ABDF7;
        Tue,  4 Oct 2022 13:42:21 +0300 (MSK)
Received: from vla3-23c3b031fed5.qloud-c.yandex.net (vla3-23c3b031fed5.qloud-c.yandex.net [IPv6:2a02:6b8:c15:2582:0:640:23c3:b031])
        by forward100q.mail.yandex.net (Yandex) with ESMTP id B6D6A6F40002;
        Tue,  4 Oct 2022 13:42:21 +0300 (MSK)
Received: by vla3-23c3b031fed5.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id er6Xai1pjJ-gKhGM48u;
        Tue, 04 Oct 2022 13:42:21 +0300
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
        (Client certificate not present)
X-Yandex-Fwd: 1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1664880141;
        bh=u8fB18adYnck2C3aYsjuR/l6wiEjwRdtCR4r9ngxn40=;
        h=Message-Id:Date:Cc:Subject:To:From;
        b=biLY4ENhLrX39alLvQPu/TsVUHOxxLF6ewU4H5h3DbX7tsi4Yg6fXYJeimfWoPUfg
         0FuHbFep0SSSAsFCd8U0MNo8jur6g+CVlP+tHFiTz9HOKX45cd+IpcmSTwZ2EthI5R
         CWgqfrfwmRIVQ0AoHBb3um0Gg94eE8fOPKJOvqnk=
Authentication-Results: vla3-23c3b031fed5.qloud-c.yandex.net; dkim=pass header.i=@yandex.ru
From:   Peter Kosyh <pkosyh@yandex.ru>
To:     Rasesh Mody <rmody@marvell.com>
Cc:     Peter Kosyh <pkosyh@yandex.ru>,
        Sudarsana Kalluru <skalluru@marvell.com>,
        GR-Linux-NIC-Dev@marvell.com,
        "David S. Miller" <davem@davemloft.net>,
        Eric Dumazet <edumazet@google.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Subject: [PATCH] bna: replace sprintf with snprintf,  BNA_Q_NAME_SIZE is depends on IFNAMSIZ
Date:   Tue,  4 Oct 2022 13:42:17 +0300
Message-Id: <20221004104217.387137-1-pkosyh@yandex.ru>
X-Mailer: git-send-email 2.37.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

BNA_Q_NAME_SIZE is just 16, so buffer overflow with long interface
name is possible.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Peter Kosyh <pkosyh@yandex.ru>
---
 drivers/net/ethernet/brocade/bna/bna_types.h | 2 +-
 drivers/net/ethernet/brocade/bna/bnad.c      | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/brocade/bna/bna_types.h b/drivers/net/ethernet/brocade/bna/bna_types.h
index 666b6922e24d..979dbab9f960 100644
--- a/drivers/net/ethernet/brocade/bna/bna_types.h
+++ b/drivers/net/ethernet/brocade/bna/bna_types.h
@@ -410,7 +410,7 @@ struct bna_ib {
 /* Tx object */
 
 /* Tx datapath control structure */
-#define BNA_Q_NAME_SIZE		16
+#define BNA_Q_NAME_SIZE		IFNAMSIZ
 struct bna_tcb {
 	/* Fast path */
 	void			**sw_qpt;
diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c
index 29dd0f93d6c0..770392e35908 100644
--- a/drivers/net/ethernet/brocade/bna/bnad.c
+++ b/drivers/net/ethernet/brocade/bna/bnad.c
@@ -1535,7 +1535,8 @@ bnad_tx_msix_register(struct bnad *bnad, struct bnad_tx_info *tx_info,
 
 	for (i = 0; i < num_txqs; i++) {
 		vector_num = tx_info->tcb[i]->intr_vector;
-		sprintf(tx_info->tcb[i]->name, "%s TXQ %d", bnad->netdev->name,
+		snprintf(tx_info->tcb[i]->name, BNA_Q_NAME_SIZE,
+				"%s TXQ %d", bnad->netdev->name,
 				tx_id + tx_info->tcb[i]->id);
 		err = request_irq(bnad->msix_table[vector_num].vector,
 				  (irq_handler_t)bnad_msix_tx, 0,
@@ -1586,8 +1587,8 @@ bnad_rx_msix_register(struct bnad *bnad, struct bnad_rx_info *rx_info,
 
 	for (i = 0; i < num_rxps; i++) {
 		vector_num = rx_info->rx_ctrl[i].ccb->intr_vector;
-		sprintf(rx_info->rx_ctrl[i].ccb->name, "%s CQ %d",
-			bnad->netdev->name,
+		snprintf(rx_info->rx_ctrl[i].ccb->name, BNA_Q_NAME_SIZE,
+			"%s CQ %d", bnad->netdev->name,
 			rx_id + rx_info->rx_ctrl[i].ccb->id);
 		err = request_irq(bnad->msix_table[vector_num].vector,
 				  (irq_handler_t)bnad_msix_rx, 0,
-- 
2.37.0