On Wed, Aug 12, 2015 at 11:05:58PM +0530, Chandra S Gorentla wrote:
> - if (copy_from_user(buffer, buf, count)) {
> + ret = simple_write_to_buffer(buffer, sizeof(buffer), ppos, buf, count);
This part doesn't make sense. Use copy_from_user(). Also it's not NUL
terminated so it leads to a read past the end of the array later. In
the original code, we just looked at the first char and didn't use
kstrtoint() so we didn't care about NUL termination.
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
