From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 11 Mar 2020 10:28:07 +0100
Subject: thunderbolt: Use scnprintf() for avoiding potential buffer overflow
Git-commit: 3010518964dc96c41848a05a5b0ec11ccf8d5ebe
Patch-mainline: v5.7-rc1
References: jsc#SLE-14130
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
---
drivers/thunderbolt/domain.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c
index b7980c856898..68c1b93ac5d9 100644
--- a/drivers/thunderbolt/domain.c
+++ b/drivers/thunderbolt/domain.c
@@ -147,10 +147,10 @@ static ssize_t boot_acl_show(struct device *dev, struct device_attribute *attr,
for (ret = 0, i = 0; i < tb->nboot_acl; i++) {
if (!uuid_is_null(&uuids[i]))
- ret += snprintf(buf + ret, PAGE_SIZE - ret, "%pUb",
+ ret += scnprintf(buf + ret, PAGE_SIZE - ret, "%pUb",
&uuids[i]);
- ret += snprintf(buf + ret, PAGE_SIZE - ret, "%s",
+ ret += scnprintf(buf + ret, PAGE_SIZE - ret, "%s",
i < tb->nboot_acl - 1 ? "," : "\n");
}