greybus: interface: fix potential attribute-buffer overflow

Use scnprintf in the generic attribute helper, which does not currently
check for buffer overflow.

The attribute helper is used to print generic strings, which could
potentially overflow the buffer. Note that the only strings currently
exported are taken from greybus string descriptors and should therefore
be limited to 255 chars.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

diff --git a/drivers/staging/greybus/interface.c b/drivers/staging/greybus/interface.c
index c5211a313d346bda6e6726c8498fedead6b6bde2..0c3613e16d578833bed4e1f2a3af8ee44405d187 100644 (file)
--- a/drivers/staging/greybus/interface.c
+++ b/drivers/staging/greybus/interface.c
@@ -16,7 +16,7 @@ static ssize_t field##_show(struct device *dev,                               \
                            char *buf)                                  \
 {                                                                      \
        struct gb_interface *intf = to_gb_interface(dev);               \
-       return sprintf(buf, "%"#type"\n", intf->field);                 \
+       return scnprintf(buf, PAGE_SIZE, "%"#type"\n", intf->field);    \
 }                                                                      \
 static DEVICE_ATTR_RO(field)