modpost: use snprintf() instead of sprintf() for safety

Use snprintf() to avoid the potential buffer overflow, and also check the return value to detect the too long path. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

modpost: use snprintf() instead of sprintf() for safety
Use snprintf() to avoid the potential buffer overflow, and also check the return value to detect the too long path. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
15a28c7c · Masahiro Yamada · f4d40868 · 15a28c7c
Commit 15a28c7c authored Apr 25, 2022 by Masahiro Yamada
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

scripts/mod/modpost.c scripts/mod/modpost.c +7 -1

No files found.
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -2560,6 +2560,7 @@ int main(int argc, char **argv)

 	for (mod = modules; mod; mod = mod->next) {
 		char fname[PATH_MAX];
+		int ret;

 		if (mod->is_vmlinux || mod->from_dump)
 			continue;
@@ -2578,7 +2579,12 @@ int main(int argc, char **argv)
 		add_moddevtable(&buf, mod);
 		add_srcversion(&buf, mod);

-		sprintf(fname, "%s.mod.c", mod->name);
+		ret = snprintf(fname, sizeof(fname), "%s.mod.c", mod->name);
+		if (ret >= sizeof(fname)) {
+			error("%s: too long path was truncated\n", fname);
+			continue;
+		}
+
 		write_if_changed(&buf, fname);
 	}