Some debugfs write functions call kstrto* functions, which
assume the string is null-terminated. Make it valid by changing
ieee80211_if_write() to use static buffer instead of allocating
one, and set the last char to NULL.
(The write functions try to parse some integer/mac address,
so 64 bytes buffer should be enough)
Signed-off-by: Eliad Peller <eliad@xxxxxxxxxx>
---
net/mac80211/debugfs_netdev.c | 13 +++++--------
1 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index f6de8a6..ef5cf26 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -49,16 +49,15 @@ static ssize_t ieee80211_if_write(
size_t count, loff_t *ppos,
ssize_t (*write)(struct ieee80211_sub_if_data *, const char *, int))
{
- u8 *buf;
+ char buf[64];
ssize_t ret;
- buf = kmalloc(count, GFP_KERNEL);
- if (!buf)
- return -ENOMEM;
+ if (count >= sizeof(buf))
+ return -E2BIG;
- ret = -EFAULT;
if (copy_from_user(buf, userbuf, count))
- goto freebuf;
+ return -EFAULT;
+ buf[count] = '\0';
ret = -ENODEV;
rtnl_lock();
@@ -66,8 +65,6 @@ static ssize_t ieee80211_if_write(
ret = (*write)(sdata, buf, count);
rtnl_unlock();
-freebuf:
- kfree(buf);
return ret;
}
--
1.7.6.401.g6a319
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
