crypto: hisilicon/qm - increase the memory of local variables

Increase the buffer to prevent stack overflow by fuzz test. The maximum
length of the qos configuration buffer is 256 bytes. Currently, the value
of the 'val buffer' is only 32 bytes. The sscanf does not check the dest
memory length. So the 'val buffer' may stack overflow.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index e3edb176d9765fadbbc31c7bcc9ee1d0ab5afb7e..5d79e9f0e7e140e7d39852f420be1d38a11cfd4c 100644 (file)
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -250,7 +250,6 @@
 #define QM_QOS_MIN_CIR_B               100
 #define QM_QOS_MAX_CIR_U               6
 #define QM_QOS_MAX_CIR_S               11
-#define QM_QOS_VAL_MAX_LEN             32
 #define QM_DFX_BASE            0x0100000
 #define QM_DFX_STATE1          0x0104000
 #define QM_DFX_STATE2          0x01040C8
@@ -4612,7 +4611,7 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf,
                               unsigned int *fun_index)
 {
        char tbuf_bdf[QM_DBG_READ_LEN] = {0};
-       char val_buf[QM_QOS_VAL_MAX_LEN] = {0};
+       char val_buf[QM_DBG_READ_LEN] = {0};
        u32 tmp1, device, function;
        int ret, bus;