Bruno Randolf <bruno@xxxxxxxxxxxxx> writes:

> @@ -209,7 +209,12 @@ static ssize_t write_file_tsf(struct file *file,
> size_t count, loff_t *ppos)
> {
> struct ath5k_softc *sc = file->private_data;
> - if (strncmp(userbuf, "reset", 5) == 0) {
> + char buf[20];
> +
> + if (copy_from_user(buf, userbuf, min_t(size_t, count, 20)))
> + return -EFAULT;

How about letting the compiler count the size of buf? Like this:

    if (copy_from_user(buf, userbuf, min_t(size_t, count, sizeof(buf))))

That way the size of buf is only in one place, and we might avoid a bug
whenever someone changes the size of buf.

> +static ssize_t read_file_debug(struct file *file, char __user *user_buf,
> + size_t count, loff_t *ppos)
> +{
> + struct ath5k_softc *sc = file->private_data;
> + char buf[1000];

To my eyes allocating 1000 bytes from stack is too large.

-- 
Kalle Valo
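
Review bot: In the write_file_tsf hunk, buf is filled by copy_from_user() with up to 20 bytes but is never NUL-terminated or zeroed in the lines shown, so a write shorter than the keyword leaves the tail of buf as uninitialized stack data, and a 20-byte write leaves no room for a terminator. The comparison that replaces strncmp(userbuf, "reset", 5) is outside the quoted context; whatever it is, it would be safer to copy at most sizeof(buf) - 1 bytes and set buf[len] = '\0' before buf is used as a string.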
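
Review bot: In the read_file_debug hunk, char buf[1000] places a kilobyte on the kernel stack, which is small and fixed in size, so this one local takes a large share of it for the whole call chain below this handler. Allocating the buffer with kmalloc() (returning -ENOMEM on failure and freeing it before return) or shrinking it to what the output actually needs would avoid that; either way, the code that fills buf should be bounded by the buffer's size rather than by a repeated literal.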