[PATCH] nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()

Sagi Grimberg sagi at grimberg.me
Wed May 8 00:48:55 PDT 2024



On 08/05/2024 10:43, Dan Carpenter wrote:
> The nsid value is a u32 that comes from nvmet_req_find_ns().  It's
> endian data and we're on an error path and both of those raise red
> flags.  So let's make this safer.
>
> 1) Make the buffer large enough for any u32.
> 2) Remove the unnecessary initialization.
> 3) Use snprintf() instead of sprintf() for even more safety.
> 4) The sprintf() function returns the number of bytes printed, not
>     counting the NUL terminator. It is impossible for the return value to
>     be <= 0 so delete that.
>
> Fixes: 505363957fad ("nvmet: fix nvme status code when namespace is disabled")
> Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>

Reviewed-by: Sagi Grimberg <sagi at grimberg.me>



More information about the Linux-nvme mailing list