bonding: fix second off-by-one error
authornikolay@redhat.com <nikolay@redhat.com>
Wed, 31 Oct 2012 06:03:52 +0000 (06:03 +0000)
committerDavid S. Miller <davem@davemloft.net>
Thu, 1 Nov 2012 15:53:44 +0000 (11:53 -0400)
Fix off-by-one error because IFNAMSIZ == 16 and when this
code gets executed we stick a NULL byte where we should not.

How to reproduce:
 with CONFIG_CC_STACKPROTECTOR=y (otherwise it may pass by silently)
 modprobe bonding; echo 1 > /sys/class/net/bond0/bonding/mode;
 echo "AAAAAAAAAAAAAAAA" > /sys/class/net/bond0/bonding/active_slave;

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Note: Sorry for the second patch but I missed this one while checking
      the file. You can squash them into one patch.
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/bonding/bond_sysfs.c

index 238d9b3e2252b22c3405291edbffc5df946a4608..ef8d2a080d17f4c61b8f28aa7e07bc54ed5c0abc 100644 (file)
@@ -1237,7 +1237,7 @@ static ssize_t bonding_store_active_slave(struct device *d,
                goto out;
        }
 
-       sscanf(buf, "%16s", ifname); /* IFNAMSIZ */
+       sscanf(buf, "%15s", ifname); /* IFNAMSIZ */
 
        /* check to see if we are clearing active */
        if (!strlen(ifname) || buf[0] == '\n') {