scsi: BusLogic: Avoid unbounded vsprintf() use
author Maciej W. Rozycki <macro@orcam.me.uk>
Tue, 20 Apr 2021 18:01:52 +0000 (20:01 +0200)
committer Martin K. Petersen <martin.petersen@oracle.com>
Sun, 1 Aug 2021 17:26:38 +0000 (13:26 -0400)
Existing blogic_msg() invocations do not appear to overrun its internal
buffer of a fixed length of 100, which would cause stack corruption, but
it's easy to miss with possible further updates and a fix is cheap in
performance terms, so limit the output produced into the buffer by using
vscnprintf() rather than vsprintf().

Link: https://lore.kernel.org/r/alpine.DEB.2.21.2104201939390.44318@angie.orcam.me.uk
Acked-by: Khalid Aziz <khalid@gonehiking.org>
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/BusLogic.c

index 4d8556f..0bcedd9 100644 (file)
@@ -3436,7 +3436,7 @@ static void blogic_msg(enum blogic_msglevel msglevel, char *fmt,
        int len = 0;
 
        va_start(args, adapter);
-       len = vsprintf(buf, fmt, args);
+       len = vscnprintf(buf, sizeof(buf), fmt, args);
        va_end(args);
        if (msglevel == BLOGIC_ANNOUNCE_LEVEL) {
                static int msglines = 0;
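Review bot: the new vscnprintf(buf, sizeof(buf), fmt, args) call truncates silently, so a future blogic_msg() caller whose formatted text exceeds the buffer will have its message logged cut short with nothing to flag it. Using vscnprintf() rather than vsnprintf() is the right choice for len, since it returns the number of characters actually stored (at most sizeof(buf) - 1) and so stays a valid length for buf in the code that follows. Consider adding a comment at the buf declaration stating the message length limit, or checking for truncation and warning once, so an oversized message is noticed during development. Note also that sizeof(buf) is only correct while buf is declared as a local array; the declaration is outside this hunk, so that is worth confirming and keeping in mind if the buffer is ever changed to a pointer.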