staging/rtl8192u/ieee80211: Fix buffer overflow in ieee80211_softmac_wx.c
Clang/scan-build complains about a possible buffer overflow in ieee80211_wx_get_name: .../staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c:499:3: warning: String copy function overflows destination buffer strcat(wrqu->name," link.."); .../staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c:497:3: warning: String copy function overflows destination buffer strcat(wrqu->name," linked"); The buffer wrqu->name is only IFNAMSIZ bytes big (currently 16), so if we have a "802.11b/g/n linked" device we overrun the buffer by 3 bytes. -> Use strlcpy / strlcat to populate the name. This is done in a similar fashion in staging/rtl8187se/ieee80211/ieee80211_softmac_wx.c. While at it, cleaned up some whitespace issues. Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
fae7e4d393
commit
67a88e6390
|
@ -482,22 +482,23 @@ int ieee80211_wx_get_name(struct ieee80211_device *ieee,
|
|||
struct iw_request_info *info,
|
||||
union iwreq_data *wrqu, char *extra)
|
||||
{
|
||||
strcpy(wrqu->name, "802.11");
|
||||
if(ieee->modulation & IEEE80211_CCK_MODULATION){
|
||||
strcat(wrqu->name, "b");
|
||||
if(ieee->modulation & IEEE80211_OFDM_MODULATION)
|
||||
strcat(wrqu->name, "/g");
|
||||
}else if(ieee->modulation & IEEE80211_OFDM_MODULATION)
|
||||
strcat(wrqu->name, "g");
|
||||
strlcpy(wrqu->name, "802.11", IFNAMSIZ);
|
||||
if (ieee->modulation & IEEE80211_CCK_MODULATION) {
|
||||
strlcat(wrqu->name, "b", IFNAMSIZ);
|
||||
if (ieee->modulation & IEEE80211_OFDM_MODULATION)
|
||||
strlcat(wrqu->name, "/g", IFNAMSIZ);
|
||||
} else if (ieee->modulation & IEEE80211_OFDM_MODULATION) {
|
||||
strlcat(wrqu->name, "g", IFNAMSIZ);
|
||||
}
|
||||
|
||||
if (ieee->mode & (IEEE_N_24G | IEEE_N_5G))
|
||||
strcat(wrqu->name, "/n");
|
||||
|
||||
if((ieee->state == IEEE80211_LINKED) ||
|
||||
(ieee->state == IEEE80211_LINKED_SCANNING))
|
||||
strcat(wrqu->name," linked");
|
||||
else if(ieee->state != IEEE80211_NOLINK)
|
||||
strcat(wrqu->name," link..");
|
||||
strlcat(wrqu->name, "/n", IFNAMSIZ);
|
||||
|
||||
if ((ieee->state == IEEE80211_LINKED) ||
|
||||
(ieee->state == IEEE80211_LINKED_SCANNING))
|
||||
strlcat(wrqu->name, " linked", IFNAMSIZ);
|
||||
else if (ieee->state != IEEE80211_NOLINK)
|
||||
strlcat(wrqu->name, " link..", IFNAMSIZ);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
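Review bot: The bounded calls stop the overrun, but the longest combination still does not fit: "802.11b/g/n linked" needs 19 bytes with its terminator, so the final `strlcat(wrqu->name, " linked", IFNAMSIZ)` silently truncates the reported name to "802.11b/g/n lin". None of the strlcpy/strlcat return values are checked, so a reader of the name cannot tell a truncated status from a complete one; either shorten the suffixes so every combination fits in 16 bytes, or record the behaviour with a comment such as `/* name is IFNAMSIZ bytes: long mode/state combinations are truncated, never overrun */`. It would also be more robust to bound each call by the destination itself, e.g. `strlcat(wrqu->name, " linked", sizeof(wrqu->name));` (assuming `name` is declared as an array in `union iwreq_data`), so the limit cannot drift from the field size. The function's signature begins above the hunk, in the hunk header.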