Jon Maloy 7494cfa6d3 tipc: avoid possible string overflow ... gcc points out that the combined length of the fixed-length inputs to l->name is larger than the destination buffer size: net/tipc/link.c: In function 'tipc_link_create': net/tipc/link.c:465:26: error: '%s' directive writing up to 32 bytes into a region of size between 26 and 58 [-Werror=format-overflow=] sprintf(l->name, "%s:%s-%s:unknown", self_str, if_name, peer_str); net/tipc/link.c:465:2: note: 'sprintf' output 11 or more bytes (assuming 75) into a destination of size 60 sprintf(l->name, "%s:%s-%s:unknown", self_str, if_name, peer_str); A detailed analysis reveals that the theoretical maximum length of a link name is: max self_str + 1 + max if_name + 1 + max peer_str + 1 + max if_name = 16 + 1 + 15 + 1 + 16 + 1 + 15 = 65 Since we also need space for a trailing zero we now set MAX_LINK_NAME to 68. Just to be on the safe side we also replace the sprintf() call with snprintf(). Fixes: 25b0b9c4e8 ("tipc: handle collisions of 32-bit node address hash values") Reported-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2018-03-31 22:19:52 -04:00
..
acpi
asm-generic	mm/vmalloc: add interfaces to free unmapped page table	2018-03-22 17:07:01 -07:00
clocksource
crypto
drm
dt-bindings
keys
kvm	KVM: arm/arm64: Reset mapped IRQs on VM reset	2018-03-14 18:29:14 +00:00
linux	Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next	2018-03-30 11:41:18 -04:00
math-emu
media
memory
misc
net	Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next	2018-03-30 11:41:18 -04:00
pcmcia
ras
rdma	net: Drop NETDEV_UNREGISTER_FINAL	2018-03-26 11:34:00 -04:00
scsi	SCSI fixes on 20180306	2018-03-07 10:50:15 -08:00
soc	ARC fixes for 4.16-rc4	2018-03-01 14:32:23 -08:00
sound
target
trace	rxrpc: Trace call completion	2018-03-27 23:08:20 +01:00
uapi	tipc: avoid possible string overflow	2018-03-31 22:19:52 -04:00
video
xen