greybus: interface: fix potential attribute-buffer overflow

Use scnprintf in the generic attribute helper, which does not currently
check for buffer overflow.

The attribute helper is used to print generic strings, which could
potentially overflow the buffer. Note that the only strings currently
exported are taken from greybus string descriptors and should therefore
be limited to 255 chars.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

diff --git a/drivers/staging/greybus/interface.c b/drivers/staging/greybus/interface.c
index c5211a3..0c3613e 100644 (file)
--- a/drivers/staging/greybus/interface.c
+++ b/drivers/staging/greybus/interface.c
@@ -16,7 +16,7 @@ static ssize_t field##_show(struct device *dev,                               \
                            char *buf)                                  \
 {                                                                      \
        struct gb_interface *intf = to_gb_interface(dev);               \
-       return sprintf(buf, "%"#type"\n", intf->field);                 \
+       return scnprintf(buf, PAGE_SIZE, "%"#type"\n", intf->field);    \
 }                                                                      \
 static DEVICE_ATTR_RO(field)