ptp: prevent string overflow

The ida_alloc_max() function can return up to INT_MAX so this buffer is not large enough. Also use snprintf() for extra safety. Fixes: 403376dd ("ptp: add debugfs interface to see applied channel masks") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com> Link: https://lore.kernel.org/r/d4b1a995-a0cb-4125-aa1d-5fd5044aba1d@moroto.mountainSigned-off-by: Jakub Kicinski <kuba@kernel.org>

ptp: prevent string overflow
The ida_alloc_max() function can return up to INT_MAX so this buffer is not large enough. Also use snprintf() for extra safety. Fixes: 403376dd ("ptp: add debugfs interface to see applied channel masks") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com> Link: https://lore.kernel.org/r/d4b1a995-a0cb-4125-aa1d-5fd5044aba1d@moroto.mountainSigned-off-by: Jakub Kicinski <kuba@kernel.org>
75a384ce · Dan Carpenter · Jakub Kicinski · 041c3466 · 75a384ce
Commit 75a384ce authored Oct 18, 2023 by Dan Carpenter Committed by Jakub Kicinski Oct 19, 2023
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

drivers/ptp/ptp_clock.c drivers/ptp/ptp_clock.c +2 -2

No files found.
--- a/drivers/ptp/ptp_clock.c
+++ b/drivers/ptp/ptp_clock.c
@@ -220,7 +220,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
 	struct ptp_clock *ptp;
 	struct timestamp_event_queue *queue = NULL;
 	int err = 0, index, major = MAJOR(ptp_devt);
-	char debugfsname[8];
+	char debugfsname[16];
 	size_t size;

 	if (info->n_alarm > PTP_MAX_ALARMS)
@@ -343,7 +343,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
 	}

 	/* Debugfs initialization */
-	sprintf(debugfsname, "ptp%d", ptp->index);
+	snprintf(debugfsname, sizeof(debugfsname), "ptp%d", ptp->index);
 	ptp->debugfs_root = debugfs_create_dir(debugfsname, NULL);

 	return ptp;