From: Masahiro Yamada <masahiroy@kernel.org>
Date: Sun, 24 Apr 2022 19:07:45 +0000 (+0900)
Subject: modpost: use snprintf() instead of sprintf() for safety
X-Git-Tag: microblaze-v5.20~141^2~33
X-Git-Url: http://git.monstr.eu/?a=commitdiff_plain;h=15a28c7c72917f96820e9e9ccd113606363ba3ac;p=linux-2.6-microblaze.git

modpost: use snprintf() instead of sprintf() for safety

Use snprintf() to avoid the potential buffer overflow, and also
check the return value to detect the too long path.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
---

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 522d5249d196..141370ebbfd3 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -2560,6 +2560,7 @@ int main(int argc, char **argv)
 
 	for (mod = modules; mod; mod = mod->next) {
 		char fname[PATH_MAX];
+		int ret;
 
 		if (mod->is_vmlinux || mod->from_dump)
 			continue;
@@ -2578,7 +2579,12 @@ int main(int argc, char **argv)
 		add_moddevtable(&buf, mod);
 		add_srcversion(&buf, mod);
 
-		sprintf(fname, "%s.mod.c", mod->name);
+		ret = snprintf(fname, sizeof(fname), "%s.mod.c", mod->name);
+		if (ret >= sizeof(fname)) {
+			error("%s: too long path was truncated\n", fname);
+			continue;
+		}
+
 		write_if_changed(&buf, fname);
 	}