Search Linux Wireless

[PATCH 02/12] iwlwifi: replace sprintf with scnprintf for debugfs output

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Abhijeet Kolekar <abhijeet.kolekar@xxxxxxxxx>

The buffersize allocated is not accurate.
Writing to these buffers with scnprintf is safer.

Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@xxxxxxxxx>
Signed-off-by: Reinette Chatre <reinette.chatre@xxxxxxxxx>
---
 drivers/net/wireless/iwlwifi/iwl-debugfs.c |   71 +++++++++++++++++-----------
 1 files changed, 43 insertions(+), 28 deletions(-)

diff --git a/drivers/net/wireless/iwlwifi/iwl-debugfs.c b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
index 23632e5..cbea477 100644
--- a/drivers/net/wireless/iwlwifi/iwl-debugfs.c
+++ b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
@@ -102,10 +102,14 @@ static ssize_t iwl_dbgfs_tx_statistics_read(struct file *file,
 	struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
 	char buf[256];
 	int pos = 0;
+	const size_t bufsz = sizeof(buf);
 
-	pos += sprintf(buf+pos, "mgmt: %u\n", priv->tx_stats[0].cnt);
-	pos += sprintf(buf+pos, "ctrl: %u\n", priv->tx_stats[1].cnt);
-	pos += sprintf(buf+pos, "data: %u\n", priv->tx_stats[2].cnt);
+	pos += scnprintf(buf + pos, bufsz - pos, "mgmt: %u\n",
+						priv->tx_stats[0].cnt);
+	pos += scnprintf(buf + pos, bufsz - pos, "ctrl: %u\n",
+						priv->tx_stats[1].cnt);
+	pos += scnprintf(buf + pos, bufsz - pos, "data: %u\n",
+						priv->tx_stats[2].cnt);
 
 	return simple_read_from_buffer(user_buf, count, ppos, buf, pos);
 }
@@ -117,10 +121,14 @@ static ssize_t iwl_dbgfs_rx_statistics_read(struct file *file,
 	struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
 	char buf[256];
 	int pos = 0;
+	const size_t bufsz = sizeof(buf);
 
-	pos += sprintf(buf+pos, "mgmt: %u\n", priv->rx_stats[0].cnt);
-	pos += sprintf(buf+pos, "ctrl: %u\n", priv->rx_stats[1].cnt);
-	pos += sprintf(buf+pos, "data: %u\n", priv->rx_stats[2].cnt);
+	pos += scnprintf(buf + pos, bufsz - pos, "mgmt: %u\n",
+						priv->rx_stats[0].cnt);
+	pos += scnprintf(buf + pos, bufsz - pos, "ctrl: %u\n",
+						priv->rx_stats[1].cnt);
+	pos += scnprintf(buf + pos, bufsz - pos, "data: %u\n",
+						priv->rx_stats[2].cnt);
 
 	return simple_read_from_buffer(user_buf, count, ppos, buf, pos);
 }
@@ -138,6 +146,7 @@ static ssize_t iwl_dbgfs_sram_read(struct file *file,
 	int i;
 	int pos = 0;
 	struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
+	const size_t bufsz = sizeof(buf);
 
 	printk(KERN_DEBUG "offset is: 0x%x\tlen is: 0x%x\n",
 	priv->dbgfs->sram_offset, priv->dbgfs->sram_len);
@@ -159,9 +168,9 @@ static ssize_t iwl_dbgfs_sram_read(struct file *file,
 				break;
 			}
 		}
-		pos += sprintf(buf+pos, "0x%08x ", val);
+		pos += scnprintf(buf + pos, bufsz - pos, "0x%08x ", val);
 	}
-	pos += sprintf(buf+pos, "\n");
+	pos += scnprintf(buf + pos, bufsz - pos, "\n");
 	iwl_release_nic_access(priv);
 
 	ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
@@ -210,44 +219,50 @@ static ssize_t iwl_dbgfs_stations_read(struct file *file, char __user *user_buf,
 	if(!buf)
 		return -ENOMEM;
 
-	pos += sprintf(buf+pos, "num of stations: %d\n\n",
+	pos += scnprintf(buf + pos, bufsz - pos, "num of stations: %d\n\n",
 			priv->num_stations);
 
 	for (i = 0; i < max_sta; i++) {
 		station = &priv->stations[i];
 		if (station->used) {
-			pos += sprintf(buf+pos, "station %d:\ngeneral data:\n",
-					i+1);
+			pos += scnprintf(buf + pos, bufsz - pos,
+					"station %d:\ngeneral data:\n", i+1);
 			print_mac(mac, station->sta.sta.addr);
-			pos += sprintf(buf+pos, "id: %u\n",
+			pos += scnprintf(buf + pos, bufsz - pos, "id: %u\n",
 					station->sta.sta.sta_id);
-			pos += sprintf(buf+pos, "mode: %u\n",
+			pos += scnprintf(buf + pos, bufsz - pos, "mode: %u\n",
 					station->sta.mode);
-			pos += sprintf(buf+pos, "flags: 0x%x\n",
+			pos += scnprintf(buf + pos, bufsz - pos,
+					"flags: 0x%x\n",
 					station->sta.station_flags_msk);
-			pos += sprintf(buf+pos, "ps_status: %u\n",
-					station->ps_status);
-
-			pos += sprintf(buf+pos, "tid data:\n");
-
-			pos += sprintf(buf+pos, "seq_num\t\ttxq_id\t");
-			pos += sprintf(buf+pos, "frame_count\twait_for_ba\t");
-			pos += sprintf(buf+pos, "start_idx\tbitmap0\t");
-			pos += sprintf(buf+pos, "bitmap1\trate_n_flags\n");
+			pos += scnprintf(buf + pos, bufsz - pos,
+					"ps_status: %u\n", station->ps_status);
+			pos += scnprintf(buf + pos, bufsz - pos, "tid data:\n");
+			pos += scnprintf(buf + pos, bufsz - pos,
+					"seq_num\t\ttxq_id\t");
+			pos += scnprintf(buf + pos, bufsz - pos,
+					"frame_count\twait_for_ba\t");
+			pos += scnprintf(buf + pos, bufsz - pos,
+					"start_idx\tbitmap0\t");
+			pos += scnprintf(buf + pos, bufsz - pos,
+					"bitmap1\trate_n_flags\n");
 
 			for (j = 0; j < MAX_TID_COUNT; j++) {
-				pos += sprintf(buf+pos, "[%d]:\t\t%u\t",
-						j, station->tid[j].seq_number);
-				pos += sprintf(buf+pos, "%u\t\t%u\t\t%u\t\t",
+				pos += scnprintf(buf + pos, bufsz - pos,
+						"[%d]:\t\t%u\t", j,
+						station->tid[j].seq_number);
+				pos += scnprintf(buf + pos, bufsz - pos,
+						"%u\t\t%u\t\t%u\t\t",
 						station->tid[j].agg.txq_id,
 						station->tid[j].agg.frame_count,
 						station->tid[j].agg.wait_for_ba);
-				pos += sprintf(buf+pos, "%u\t%llu\t%u\n",
+				pos += scnprintf(buf + pos, bufsz - pos,
+						"%u\t%llu\t%u\n",
 						station->tid[j].agg.start_idx,
 						(unsigned long long)station->tid[j].agg.bitmap,
 						station->tid[j].agg.rate_n_flags);
 			}
-			pos += sprintf(buf+pos, "\n");
+			pos += scnprintf(buf + pos, bufsz - pos, "\n");
 		}
 	}
 
-- 
1.5.3.4

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux