From 75a384ceda93df0ec2436f0188e58f166a609c49 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Wed, 18 Oct 2023 17:20:11 +0300 Subject: ptp: prevent string overflow The ida_alloc_max() function can return up to INT_MAX so this buffer is not large enough. Also use snprintf() for extra safety. Fixes: 403376ddb422 ("ptp: add debugfs interface to see applied channel masks") Signed-off-by: Dan Carpenter Reviewed-by: Przemek Kitszel Link: https://lore.kernel.org/r/d4b1a995-a0cb-4125-aa1d-5fd5044aba1d@moroto.mountain Signed-off-by: Jakub Kicinski --- drivers/ptp/ptp_clock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/ptp') diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c index 2e801cd33220..3d1b0a97301c 100644 --- a/drivers/ptp/ptp_clock.c +++ b/drivers/ptp/ptp_clock.c @@ -220,7 +220,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, struct ptp_clock *ptp; struct timestamp_event_queue *queue = NULL; int err = 0, index, major = MAJOR(ptp_devt); - char debugfsname[8]; + char debugfsname[16]; size_t size; if (info->n_alarm > PTP_MAX_ALARMS) @@ -343,7 +343,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, } /* Debugfs initialization */ - sprintf(debugfsname, "ptp%d", ptp->index); + snprintf(debugfsname, sizeof(debugfsname), "ptp%d", ptp->index); ptp->debugfs_root = debugfs_create_dir(debugfsname, NULL); return ptp; -- cgit v1.2.3-58-ga151