s390/cmm: Replace sprintf() with scnprintf() for buffer safety

Replace sprintf() with scnprintf() in cmm_timeout_handler() to prevent
potential buffer overflow. The scnprintf() function ensures we don't
write beyond the buffer size and provides safer string formatting.

Signed-off-by: Josephine Pfeiffer <hi@josie.lol>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

diff --git a/arch/s390/mm/cmm.c b/arch/s390/mm/cmm.c
index e2a6eb92420fcfd3277c64055c9eb608ad20f325..eb7ef63fab1e5e3237ee12db335cd8ae6f2c123d 100644 (file)
--- a/arch/s390/mm/cmm.c
+++ b/arch/s390/mm/cmm.c
@@ -321,8 +321,8 @@ static int cmm_timeout_handler(const struct ctl_table *ctl, int write,
                cmm_set_timeout(nr, seconds);
                *ppos += *lenp;
        } else {
-               len = sprintf(buf, "%ld %ld\n",
-                             cmm_timeout_pages, cmm_timeout_seconds);
+               len = scnprintf(buf, sizeof(buf), "%ld %ld\n",
+                               cmm_timeout_pages, cmm_timeout_seconds);
                if (len > *lenp)
                        len = *lenp;
                memcpy(buffer, buf, len);