[U-Boot] [PATCH 4/4] Use snprintf() in network code

Mike Frysinger vapier at gentoo.org
Fri Sep 23 20:15:26 CEST 2011


On Friday, September 23, 2011 13:38:52 Simon Glass wrote:
> This tidies up network code to use snprintf() in most cases instead of
> sprintf(). A few functions remain as they require header file changes.

NAK to most of these.  we pick local sized buffers that are known to not 
overflow, or require circumstances that aren't really feasible.

3 examples (which are the first 3 changes in this patch) below ...

> --- a/net/eth.c
> +++ b/net/eth.c
> 
>  	char buf[20];
> -	sprintf(buf, "%pM", enetaddr);
> +	snprintf(buf, sizeof(buf), "%pM", enetaddr);
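
Review bot: the new snprintf() call on buf discards its return value, so output longer than the 20-byte buffer would be truncated silently rather than reported. The 20 in char buf[20] is also a bare number with no stated relation to the length "%pM" produces; a short comment or a named constant beside the declaration would let a reader confirm the bound without reading the formatter.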

a mac address will not take more than 19 bytes.  unless the sprintf code is 
completely busted, but if that's the case, we should fix that instead since 
it'd be pretty fundamentally screwed.

>  	char enetvar[32];
> -	sprintf(enetvar, index ? "%s%daddr" : "%saddr", base_name, index);
> +	snprintf(enetvar, sizeof(enetvar), index ? "%s%daddr" : "%saddr",
> +		 base_name, index);
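
Review bot: in the enetvar[32] hunk the formatted length depends on base_name, a string this hunk does not bound, as well as on index, and the snprintf() result is not checked. A truncated name would be used as if it were complete, so compare the return value against sizeof(enetvar) and bail out when it does not fit. As a style point, the "%saddr" branch is still passed index as an unused argument; two calls with their own format strings would read more clearly than the index ? ... : ... selection.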

in order for this to overflow, we have to have 1000+ eth devices (maybe more?  
i'd have to read the code closer)

>  	char enetvar[15];
> -	sprintf(enetvar, index ? "eth%dmacskip" : "ethmacskip", index);
> +	snprintf(enetvar, sizeof(enetvar),
> +		index ? "eth%dmacskip" : "ethmacskip", index);
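
Review bot: enetvar[15] leaves room for only four characters from %d in "eth%dmacskip" (3 + 7 fixed characters plus the terminator), and the snprintf() return value is ignored. With a wider index the name would be cut short and then used as if it were complete; check the result against sizeof(enetvar), or size the array from the format string and the widest value %d can print.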

in order for this to overflow, we have to have 10000+ eth devices

please look at the realistic needs rather than blanket converting to snprintf
-mike