the parameter 'const char *buf' may be not '\0' based string.
so need check the length before use it.
additional info:
originally, it had the relative checking.
but it was deleted when fix another issues (using strlcpy instead of
strncpy)
and now, we need restore the checking (but still keep strlcpy)
Signed-off-by: Chen Gang <[email protected]>
---
drivers/net/wireless/iwlegacy/3945-mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c
b/drivers/net/wireless/iwlegacy/3945-mac.c
index 050ce7c..71cdbac 100644
--- a/drivers/net/wireless/iwlegacy/3945-mac.c
+++ b/drivers/net/wireless/iwlegacy/3945-mac.c
@@ -3273,7 +3273,7 @@ il3945_store_measurement(struct device *d, struct
device_attribute *attr,
if (count) {
char *p = buffer;
- strlcpy(buffer, buf, sizeof(buffer));
+ strlcpy(buffer, buf, min(sizeof(buffer), count));
channel = simple_strtoul(p, NULL, 0);
if (channel)
params.channel = channel;
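Review bot: On the changed strlcpy() line, passing min(sizeof(buffer), count) as the size drops the last input byte whenever count is smaller than sizeof(buffer), because strlcpy() copies at most size - 1 bytes and then writes the terminator. A one-character write such as "5" (count == 1) would leave buffer empty, simple_strtoul() would return 0, and the "if (channel)" test would silently skip setting params.channel. If a count-based bound is wanted, it should be min(sizeof(buffer), count + 1), or a copy of min(count, sizeof(buffer) - 1) bytes followed by an explicit terminator.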
--
1.7.10.4
oh, sorry, it is my fault.
according to fill_write_buffer in fs/sysfs/file.c,
we can assume that 'const char *buf' must be '\0' based string.
please skip this patch.
gchen.
On 2013-01-20 17:53, Chen Gang wrote:
>
> the parameter 'const char *buf' may be not '\0' based string.
> so need check the length before use it.
>
> additional info:
> originally, it had the relative checking.
> but it was deleted when fix another issues (using strlcpy instead of
> strncpy)
> and now, we need restore the checking (but still keep strlcpy)
>
> Signed-off-by: Chen Gang <[email protected]>
> ---
> drivers/net/wireless/iwlegacy/3945-mac.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c
> b/drivers/net/wireless/iwlegacy/3945-mac.c
> index 050ce7c..71cdbac 100644
> --- a/drivers/net/wireless/iwlegacy/3945-mac.c
> +++ b/drivers/net/wireless/iwlegacy/3945-mac.c
> @@ -3273,7 +3273,7 @@ il3945_store_measurement(struct device *d, struct
> device_attribute *attr,
>
> if (count) {
> char *p = buffer;
> - strlcpy(buffer, buf, sizeof(buffer));
> + strlcpy(buffer, buf, min(sizeof(buffer), count));
> channel = simple_strtoul(p, NULL, 0);
> if (channel)
> params.channel = channel;
>
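Review bot: The new bound on the strlcpy() line does not limit how far buf is read, which is the concern the description gives: strlcpy() calls strlen() on its source to compute its return value, so an unterminated buf would still be read past count bytes whatever size is passed. Guarding against a non-terminated source needs a length-bounded copy of at most count bytes (memcpy() plus an explicit '\0', for example) rather than a smaller strlcpy() size.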
--
Chen Gang
Flying Transformer