[PATCH 01/27] modpost: use snprintf() instead of sprintf() for safety

From: Masahiro Yamada
Date: Sun Apr 24 2022 - 15:12:13 EST

Next message: Masahiro Yamada: "[PATCH 03/27] modpost: remove stale comment about sym_add_exported()"
Previous message: Masahiro Yamada: "[PATCH 09/27] modpost: add sym_add_unresolved() helper"
In reply to: Nick Desaulniers: "Re: [PATCH 09/27] modpost: add sym_add_unresolved() helper"
Next in thread: Nick Desaulniers: "Re: [PATCH 01/27] modpost: use snprintf() instead of sprintf() for safety"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Use snprintf() to avoid the potential buffer overflow, and also
check the return value to detect the too long path.

Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx>
---

scripts/mod/modpost.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 522d5249d196..141370ebbfd3 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -2560,6 +2560,7 @@ int main(int argc, char **argv)

for (mod = modules; mod; mod = mod->next) {
char fname[PATH_MAX];
+ int ret;

if (mod->is_vmlinux || mod->from_dump)
continue;
@@ -2578,7 +2579,12 @@ int main(int argc, char **argv)
add_moddevtable(&buf, mod);
add_srcversion(&buf, mod);

- sprintf(fname, "%s.mod.c", mod->name);
+ ret = snprintf(fname, sizeof(fname), "%s.mod.c", mod->name);
+ if (ret >= sizeof(fname)) {
+ error("%s: too long path was truncated\n", fname);
+ continue;
+ }
+
write_if_changed(&buf, fname);
}

--
2.32.0

Next message: Masahiro Yamada: "[PATCH 03/27] modpost: remove stale comment about sym_add_exported()"
Previous message: Masahiro Yamada: "[PATCH 09/27] modpost: add sym_add_unresolved() helper"
In reply to: Nick Desaulniers: "Re: [PATCH 09/27] modpost: add sym_add_unresolved() helper"
Next in thread: Nick Desaulniers: "Re: [PATCH 01/27] modpost: use snprintf() instead of sprintf() for safety"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]