net/nfp: fix buffer overflow of FW strings

drivers/net/nfp/nfp_net.c: In function ‘nfp_pf_pci_probe’:
drivers/net/nfp/nfp_net.c:3160: 23: error:
‘%s’ directive writing up to 99 bytes into a region of size 76
[-Werror=format-overflow=]
  sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial);

Note fw_buf still has to increase somewhat even after
restricting serial[], since otherwise:

drivers/net/nfp/nfp_net.c: In function ‘nfp_pf_pci_probe’:
drivers/net/nfp/nfp_net.c:3176:23:
error: ‘%s’ directive writing up to 99 bytes into a region of size 76
[-Werror=format-overflow=]
  sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
                       ^~
drivers/net/nfp/nfp_net.c:3262:32:
  err = nfp_fw_upload(dev, nsp, card_desc);
                                ~~~~~~~~~
drivers/net/nfp/nfp_net.c:3176:2:
note: ‘sprintf’ output between 25 and 124 bytes into a destination of size 100
  sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);

Fixes: 896c265ef954 ("net/nfp: use new CPP interface")

Signed-off-by: Andy Green <andy@warmcat.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c
index ff6aad0..8a712d6 100644 (file)
--- a/drivers/net/nfp/nfp_net.c
+++ b/drivers/net/nfp/nfp_net.c
@@ -2983,8 +2983,8 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
        struct nfp_cpp *cpp = nsp->cpp;
        int fw_f;
        char *fw_buf;
-       char fw_name[100];
-       char serial[100];
+       char fw_name[125];
+       char serial[40];
        struct stat file_stat;
        off_t fsize, bytes;