thunderbolt: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
author: Takashi Iwai <tiwai@suse.de> 2020-03-11 10:28:07 +0100
committer: Mika Westerberg <mika.westerberg@linux.intel.com> 2020-03-12 11:27:41 +0300
commit: 3010518964dc96c41848a05a5b0ec11ccf8d5ebe (patch)
tree: 35cc9c853d4f22b35143af55f494fd61c3086002 /drivers/thunderbolt
parent: thunderbolt: icm: Replace zero-length array with flexible-array member (diff)
download: linux-dev-3010518964dc96c41848a05a5b0ec11ccf8d5ebe.tar.xz
linux-dev-3010518964dc96c41848a05a5b0ec11ccf8d5ebe.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c
index b7980c856898..68c1b93ac5d9 100644
--- a/drivers/thunderbolt/domain.c
+++ b/drivers/thunderbolt/domain.c
@@ -147,10 +147,10 @@ static ssize_t boot_acl_show(struct device *dev, struct device_attribute *attr,
 
 	for (ret = 0, i = 0; i < tb->nboot_acl; i++) {
 		if (!uuid_is_null(&uuids[i]))
-			ret += snprintf(buf + ret, PAGE_SIZE - ret, "%pUb",
+			ret += scnprintf(buf + ret, PAGE_SIZE - ret, "%pUb",
 					&uuids[i]);
 
-		ret += snprintf(buf + ret, PAGE_SIZE - ret, "%s",
+		ret += scnprintf(buf + ret, PAGE_SIZE - ret, "%s",
 			       i < tb->nboot_acl - 1 ? "," : "\n");
 	}
author	Takashi Iwai <tiwai@suse.de>	2020-03-11 10:28:07 +0100
committer	Mika Westerberg <mika.westerberg@linux.intel.com>	2020-03-12 11:27:41 +0300
commit	3010518964dc96c41848a05a5b0ec11ccf8d5ebe (patch)
tree	35cc9c853d4f22b35143af55f494fd61c3086002 /drivers/thunderbolt
parent	thunderbolt: icm: Replace zero-length array with flexible-array member (diff)
download	linux-dev-3010518964dc96c41848a05a5b0ec11ccf8d5ebe.tar.xz linux-dev-3010518964dc96c41848a05a5b0ec11ccf8d5ebe.zip