From patchwork Wed Nov 8 12:08:39 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 118247 Delivered-To: patch@linaro.org Received: by 10.80.245.45 with SMTP id t42csp1718707edm; Wed, 8 Nov 2017 04:09:31 -0800 (PST) X-Google-Smtp-Source: ABhQp+QtPsvnMEcL++atggIbXKgEjprpPAYTzkbB2yAe1kH6lEGxhcerGJt4DDLMlpAQVOYiVN8z X-Received: by 10.99.116.18 with SMTP id p18mr267405pgc.269.1510142971137; Wed, 08 Nov 2017 04:09:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510142971; cv=none; d=google.com; s=arc-20160816; b=OZaGo4HWn+mq0qtTLDIaBPCJF7MABzz5JwT+oqQJv5UirLUQ2eSybz6c9aOJF1oJuj pGJXpWTPDUgyF9xIHvynVR9O4sOXJ1tEhiDpxBspIamB2RhabYRLPrgGXCa3wpA3quXf qAcDkpotrq22hSpiurdZ+6Glt4GQSrzDz0PeXD6PLZhODo1iRdbnT5aP5ZjmZUVm9pA+ Zg/LZRQ+S15bJxPDC+xzatA/dO5usheTwG+2MTMV3QYxYlkONXqBeVt47XDUKD8FXFxk C4ardOfs2AMYjyEIKqCx9ZTbBUB9pMt9FOamhf0GYONv1+rDkci8b4fh/usL8904fEkj OZ8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=fSQvC+16HRi+Lit2N8eezkEx3A5tq9fCbkofVVCKkzk=; b=hz4S7eiQVTtPycezEH1tR75FHDieX006+Cp5hc6Fxblh+ADBSzPmIE3Rk+DC8z1WGz VnJTT/yQGP7b15vuSZkIJ8ShcbEW37JLGJzalcAKq29EQ/KtHM7Ik9m6WBqmC9Vq3kpO ZCt/VIYUvvsLVjlQYkWkvny62YjvlNvWiyH7YCFyWRciuiUyAq5PJXP0kzNg8myHq7B7 p8E6+TAi7ll+GemceCJUmkcO//JMHG5cyO+uiTzi0APzU7r4hHLoXhEee3FfZMnqAV5A tD3CzmidlELVy2PlIidu3MZJZAI9sZqs3ggtYXEjZFyeFG5s1soy0DVYgBid5y3WcrOI PhFQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f1si3756986plb.351.2017.11.08.04.09.30; Wed, 08 Nov 2017 04:09:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752436AbdKHMJ3 (ORCPT + 21 others); Wed, 8 Nov 2017 07:09:29 -0500 Received: from mout.kundenserver.de ([212.227.126.133]:55830 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752033AbdKHMJ1 (ORCPT ); Wed, 8 Nov 2017 07:09:27 -0500 Received: from wuerfel.lan ([109.193.157.232]) by mrelayeu.kundenserver.de (mreue001 [212.227.15.129]) with ESMTPA (Nemesis) id 0LiscI-1eoE0u0oJi-00dFVl; Wed, 08 Nov 2017 13:08:46 +0100 From: Arnd Bergmann To: =?utf-8?q?Pali_Roh=C3=A1r?= , Mario Limonciello , Darren Hart , Andy Shevchenko Cc: Arnd Bergmann , "Edward O'Callaghan" , Hans de Goede , platform-driver-x86@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] dell-smbios: fix string overflow Date: Wed, 8 Nov 2017 13:08:39 +0100 Message-Id: <20171108120844.3196747-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K0:61hUVFmRj0kTbhb18HGPK798Dc6r/0acYiirU+J6bX0Vc937QQM tpw125x3Tl40oAmnu6mfF+PIQiVi7v1VJqySFCwcQo2EpO3s46VfcZ3Uzicd7p0vA9+Dd7M iPXJ0E9E55ZuO23UFUFONHi+cpnweGxx/zOiaDAHFb364cYUvVaY3hR/hpJ1l3CZDqSrSkw HLhKGDRzyb9XJTE56It/g== X-UI-Out-Filterresults: notjunk:1; V01:K0:W7NBzZuiOCE=:R6NBHr27ELjxV4UXJEGey8 JbkV5oV9ahNUQ2qyHGqHrHSAteZ0IBluzqhTBQ9/inJyu80c+y27yeFsQPzD6BWc2uItOEvdy a9nfVrUCy78dZ/Bk3E8M+sMGq0azkGnLnxogYFKzfXsmiw3oEJOhUD56rcDyYEbItQk4GIJvg cKh8oHkK0AH9EYvtoU205rg8LIwWgCIPjBCZBnn7isj7ZNRFQW+0X48wt8vB8D5Yw50rXWxxT +0Mer6LuUDD4H6t5RSrUZfVAdPYhPIbXaME8OdFGY6sMhM2WhQPtNLk/56PvRFqlwsT3pRL0q NmE+jB6KYCpRETKVis6LLrW+pJL6dNf4qYx3ohzjlF/71QFpaeVO2iIgT419/Igcbn30DPvcl H5dlC8HcMURXmb2gp1Ho9R+Vp9Eaq7+aVIiWBUlGUE6KBORNm8OTkq7iTFBkmKgyGOENo5Mxg 89xKX0Fi8YmR+W4svXeyH32uKPjpFIIMGu+I/oGUQbx+bx+4P80M5nzVuTSnuW/27M2K+Y9Lo DVWKJhAhQZMVYF/G6XuNVuv6X2JuG3WRuoo6+Kp4GYouGPBjwA7aLnhQRDQF8nIy9awXdA4dx DCweaAgqxMXTknr5TN1YemnzyKWReruYzpGj4dlBbYWh6moMIcvuZNSohsq1mhejGGwnVqLEg QtyX9w4kcO5QqpFZKyxPsfXuoK02xnRK915wSPEI9MoDvvfvBMTHK5X2uvNOAITY11kIMaiqa ntFZ9HxF8zc/et21DYlBYLZCEDLBEPtNPQTF8A== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The new sysfs code overwrites two fixed-length character arrays that are each one byte shorter than they need to be, to hold the trailing \0: drivers/platform/x86/dell-smbios.c: In function 'build_tokens_sysfs': drivers/platform/x86/dell-smbios.c:494:42: error: 'sprintf' writing a terminating nul past the end of the destination [-Werror=format-overflow=] sprintf(buffer_location, "%04x_location", drivers/platform/x86/dell-smbios.c:494:3: note: 'sprintf' output 14 bytes into a destination of size 13 drivers/platform/x86/dell-smbios.c:506:36: error: 'sprintf' writing a terminating nul past the end of the destination [-Werror=format-overflow=] sprintf(buffer_value, "%04x_value", drivers/platform/x86/dell-smbios.c:506:3: note: 'sprintf' output 11 bytes into a destination of size 10 This changes it to just use kasprintf(), which always gets it right. Fixes: 33b9ca1e53b4 ("platform/x86: dell-smbios: Add a sysfs interface for SMBIOS tokens") Signed-off-by: Arnd Bergmann --- drivers/platform/x86/dell-smbios.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) -- 2.9.0 Acked-by: Mario Limonciello Reviewed-by: Pali Rohár diff --git a/drivers/platform/x86/dell-smbios.c b/drivers/platform/x86/dell-smbios.c index d99edd803c19..6a60db515bda 100644 --- a/drivers/platform/x86/dell-smbios.c +++ b/drivers/platform/x86/dell-smbios.c @@ -463,8 +463,6 @@ static struct platform_driver platform_driver = { static int build_tokens_sysfs(struct platform_device *dev) { - char buffer_location[13]; - char buffer_value[10]; char *location_name; char *value_name; size_t size; @@ -491,9 +489,8 @@ static int build_tokens_sysfs(struct platform_device *dev) if (da_tokens[i].tokenID == 0) continue; /* add location */ - sprintf(buffer_location, "%04x_location", - da_tokens[i].tokenID); - location_name = kstrdup(buffer_location, GFP_KERNEL); + location_name = kasprintf(GFP_KERNEL, "%04x_location", + da_tokens[i].tokenID); if (location_name == NULL) goto out_unwind_strings; sysfs_attr_init(&token_location_attrs[i].attr); @@ -503,9 +500,8 @@ static int build_tokens_sysfs(struct platform_device *dev) token_attrs[j++] = &token_location_attrs[i].attr; /* add value */ - sprintf(buffer_value, "%04x_value", - da_tokens[i].tokenID); - value_name = kstrdup(buffer_value, GFP_KERNEL); + value_name = kasprintf(GFP_KERNEL, "%04x_value", + da_tokens[i].tokenID); if (value_name == NULL) goto loop_fail_create_value; sysfs_attr_init(&token_value_attrs[i].attr);