projects / firefly-linux-kernel-4.4.55.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fae7e4d) | patch
staging/rtl8192u/ieee80211: Fix buffer overflow in ieee80211_softmac_wx.c
authorPeter Huewe <peterhuewe@gmx.de>
Thu, 14 Feb 2013 03:08:55 +0000 (04:08 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 14 Feb 2013 17:26:23 +0000 (09:26 -0800)
commit67a88e6390e52e42b72342a88fab458ada00ba28
tree23bec107be525564cd07f6b3cf6e3011f05324a6tree | snapshot
parentfae7e4d39373305cf505d1f0871a4491897d56f9commit | diff
staging/rtl8192u/ieee80211: Fix buffer overflow in ieee80211_softmac_wx.c

Clang/scan-build complains about a possible buffer overflow in
ieee80211_wx_get_name:

.../staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c:499:3:
warning: String copy function overflows destination buffer
strcat(wrqu->name," link..");

.../staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c:497:3:
warning: String copy function overflows destination buffer
strcat(wrqu->name," linked");

The buffer wrqu->name is only IFNAMSIZ bytes big (currently 16),
so if we have a "802.11b/g/n linked" device we overrun the buffer by 3
bytes.

-> Use strlcopy / strlcat to populate the name.
This is done in a similar fashion in
staging/rtl8187se/ieee80211/ieee80211_softmac_wx.c

While at it cleaned some whitespace issues.

Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.