commit 53f91dc1f76922375ad7957ef29f48986722532d
author Changli Gao <xiaosuo@gmail.com> Tue Aug 24 13:32:58 2010 +0000
committer David S. Miller <davem@davemloft.net> Thu Aug 26 14:11:49 2010 -0700
tree 71583203eb39de7ccf1733930833e9d229c38333
parent 145ce502e44b57c074c72cfdc855557e19026999

net: use scnprintf() to avoid potential buffer overflow

strlcpy() returns the total length of the string they tried to create, so
we should not use its return value without any check. scnprintf() returns
the number of characters written into @buf not including the trailing '\0',
so use it instead here.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ethernet/eth.c

diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c
index 215c839..85e7b45 100644
--- a/net/ethernet/eth.c
+++ b/net/ethernet/eth.c
@@ -367,7 +367,7 @@
 EXPORT_SYMBOL(alloc_etherdev_mq);
 
 static size_t _format_mac_addr(char *buf, int buflen,
-				const unsigned char *addr, int len)
+			       const unsigned char *addr, int len)
 {
 	int i;
 	char *cp = buf;
@@ -376,7 +376,7 @@
 		cp += scnprintf(cp, buflen - (cp - buf), "%02x", addr[i]);
 		if (i == len - 1)
 			break;
-		cp += strlcpy(cp, ":", buflen - (cp - buf));
+		cp += scnprintf(cp, buflen - (cp - buf), ":");
 	}
 	return cp - buf;
 }
@@ -386,7 +386,7 @@
 	size_t l;
 
 	l = _format_mac_addr(buf, PAGE_SIZE, addr, len);
-	l += strlcpy(buf + l, "\n", PAGE_SIZE - l);
+	l += scnprintf(buf + l, PAGE_SIZE - l, "\n");
 	return ((ssize_t) l);
 }
 EXPORT_SYMBOL(sysfs_format_mac);