s390/vmur: Use scnprintf() instead of sprintf()

Use scnprintf() instead of sprintf() for those cases where the destination
is an array and the size of the array is known at compile time.

This prevents theoretical buffer overflows, but also avoids that people
again and again spend time to figure out if the code is actually safe.

Reviewed-by: Jan Polensky <japo@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

diff --git a/drivers/s390/char/vmur.c b/drivers/s390/char/vmur.c
index e3e0e9f365277ceba55efd82e392d1766f065e67..a226ff208edaeeb4afa849f4446079776a404769 100644 (file)
--- a/drivers/s390/char/vmur.c
+++ b/drivers/s390/char/vmur.c
@@ -154,7 +154,7 @@ static struct urdev *urdev_get_from_devno(u16 devno)
        struct ccw_device *cdev;
        struct urdev *urd;
 
-       sprintf(bus_id, "0.0.%04x", devno);
+       scnprintf(bus_id, sizeof(bus_id), "0.0.%04x", devno);
        cdev = get_ccwdev_by_busid(&ur_driver, bus_id);
        if (!cdev)
                return NULL;
@@ -904,11 +904,11 @@ static int ur_set_online(struct ccw_device *cdev)
                goto fail_free_cdev;
        if (urd->cdev->id.cu_type == READER_PUNCH_DEVTYPE) {
                if (urd->class == DEV_CLASS_UR_I)
-                       sprintf(node_id, "vmrdr-%s", dev_name(&cdev->dev));
+                       scnprintf(node_id, sizeof(node_id), "vmrdr-%s", dev_name(&cdev->dev));
                if (urd->class == DEV_CLASS_UR_O)
-                       sprintf(node_id, "vmpun-%s", dev_name(&cdev->dev));
+                       scnprintf(node_id, sizeof(node_id), "vmpun-%s", dev_name(&cdev->dev));
        } else if (urd->cdev->id.cu_type == PRINTER_DEVTYPE) {
-               sprintf(node_id, "vmprt-%s", dev_name(&cdev->dev));
+               scnprintf(node_id, sizeof(node_id), "vmprt-%s", dev_name(&cdev->dev));
        } else {
                rc = -EOPNOTSUPP;
                goto fail_free_cdev;