patch-2.4.11-dontuse linux/net/core/dev.c

• Lines: 25
• Date: Sat Oct 6 15:21:58 2001
• Orig file: v2.4.10/linux/net/core/dev.c
• Orig date: Sun Sep 23 11:41:01 2001

diff -u --recursive --new-file v2.4.10/linux/net/core/dev.c linux/net/core/dev.c
@@ -552,12 +552,22 @@
 {
 	int i;
 	char buf[32];
+	char *p;
 
 	/*
-	 *	If you need over 100 please also fix the algorithm...
+	 * Verify the string as this thing may have come from
+	 * the user.  There must be one "%d" and no other "%"
+	 * characters.
+	 */
+	p = strchr(name, '%');
+	if (!p || p[1] != 'd' || strchr(p+2, '%'))
+		return -EINVAL;
+
+	/*
+	 * If you need over 100 please also fix the algorithm...
 	 */
 	for (i = 0; i < 100; i++) {
-		sprintf(buf,name,i);
+		snprintf(buf,sizeof(buf),name,i);
 		if (__dev_get_by_name(buf) == NULL) {
 			strcpy(dev->name, buf);
 			return i;