summaryrefslogtreecommitdiffstats
path: root/net/ipv4/tcp_ulp.c
diff options
context:
space:
mode:
authorHangbin Liu <liuhangbin@gmail.com>2019-11-20 16:38:08 +0800
committerDavid S. Miller <davem@davemloft.net>2019-11-20 22:23:36 -0800
commit9bb59a21f53e7231696257d5e6283a4fbacfb43f (patch)
tree74a2d5c284838dca140388d71a7f226057aa9b36 /net/ipv4/tcp_ulp.c
parentc0d59da79534e85eb550d863e35eccc8c3fd8ceb (diff)
downloadlinux-stable-9bb59a21f53e7231696257d5e6283a4fbacfb43f.tar.gz
linux-stable-9bb59a21f53e7231696257d5e6283a4fbacfb43f.tar.bz2
linux-stable-9bb59a21f53e7231696257d5e6283a4fbacfb43f.zip
tcp: warn if offset reach the maxlen limit when using snprintf
snprintf returns the number of chars that would be written, not number of chars that were actually written. As such, 'offs' may get larger than 'tbl.maxlen', causing the 'tbl.maxlen - offs' being < 0, and since the parameter is size_t, it would overflow. Since using scnprintf may hide the limit error, while the buffer is still enough now, let's just add a WARN_ON_ONCE in case it reach the limit in future. v2: Use WARN_ON_ONCE as Jiri and Eric suggested. Suggested-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_ulp.c')
-rw-r--r--net/ipv4/tcp_ulp.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c
index 4849edb62d52..12ab5db2b71c 100644
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -92,6 +92,9 @@ void tcp_get_available_ulp(char *buf, size_t maxlen)
offs += snprintf(buf + offs, maxlen - offs,
"%s%s",
offs == 0 ? "" : " ", ulp_ops->name);
+
+ if (WARN_ON_ONCE(offs >= maxlen))
+ break;
}
rcu_read_unlock();
}