diff options
| author | Eliad Peller <eliad@wizery.com> | 2013-08-27 05:40:15 -0400 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2013-10-01 06:16:51 -0400 |
| commit | f364ef99a8e82ee27933d6a0cf5cc1f27e9f0df9 (patch) | |
| tree | 1efd470df60143de6acd2beb73314f7f173711ad /net/mac80211/debugfs.c | |
| parent | ee4bc9e75811d2c0cb5f2a2fc5b51ff037a01f47 (diff) | |
mac80211: fix some snprintf misuses
In some debugfs related functions snprintf was used
while scnprintf should have been used instead.
(blindly adding the return value of snprintf and supplying
it to the next snprintf might result in buffer overflow when
the input is too big)
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211/debugfs.c')
| -rw-r--r-- | net/mac80211/debugfs.c | 55 |
1 files changed, 29 insertions, 26 deletions
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c index b0e32d628114..5c090e41d9bb 100644 --- a/net/mac80211/debugfs.c +++ b/net/mac80211/debugfs.c | |||
| @@ -103,54 +103,57 @@ static ssize_t hwflags_read(struct file *file, char __user *user_buf, | |||
| 103 | if (!buf) | 103 | if (!buf) |
| 104 | return 0; | 104 | return 0; |
| 105 | 105 | ||
| 106 | sf += snprintf(buf, mxln - sf, "0x%x\n", local->hw.flags); | 106 | sf += scnprintf(buf, mxln - sf, "0x%x\n", local->hw.flags); |
| 107 | if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) | 107 | if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) |
| 108 | sf += snprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n"); | 108 | sf += scnprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n"); |
| 109 | if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) | 109 | if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) |
| 110 | sf += snprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n"); | 110 | sf += scnprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n"); |
| 111 | if (local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING) | 111 | if (local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING) |
| 112 | sf += snprintf(buf + sf, mxln - sf, | 112 | sf += scnprintf(buf + sf, mxln - sf, |
| 113 | "HOST_BCAST_PS_BUFFERING\n"); | 113 | "HOST_BCAST_PS_BUFFERING\n"); |
| 114 | if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE) | 114 | if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE) |
| 115 | sf += snprintf(buf + sf, mxln - sf, | 115 | sf += scnprintf(buf + sf, mxln - sf, |
| 116 | "2GHZ_SHORT_SLOT_INCAPABLE\n"); | 116 | "2GHZ_SHORT_SLOT_INCAPABLE\n"); |
| 117 | if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE) | 117 | if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE) |
| 118 | sf += snprintf(buf + sf, mxln - sf, | 118 | sf += scnprintf(buf + sf, mxln - sf, |
| 119 | "2GHZ_SHORT_PREAMBLE_INCAPABLE\n"); | 119 | "2GHZ_SHORT_PREAMBLE_INCAPABLE\n"); |
| 120 | if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC) | 120 | if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC) |
| 121 | sf += snprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n"); | 121 | sf += scnprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n"); |
| 122 | if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) | 122 | if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) |
| 123 | sf += snprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n"); | 123 | sf += scnprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n"); |
| 124 | if (local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC) | 124 | if (local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC) |
| 125 | sf += snprintf(buf + sf, mxln - sf, "NEED_DTIM_BEFORE_ASSOC\n"); | 125 | sf += scnprintf(buf + sf, mxln - sf, |
| 126 | "NEED_DTIM_BEFORE_ASSOC\n"); | ||
| 126 | if (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT) | 127 | if (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT) |
| 127 | sf += snprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n"); | 128 | sf += scnprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n"); |
| 128 | if (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) | 129 | if (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) |
| 129 | sf += snprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n"); | 130 | sf += scnprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n"); |
| 130 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_PS) | 131 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_PS) |
| 131 | sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n"); | 132 | sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n"); |
| 132 | if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) | 133 | if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) |
| 133 | sf += snprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n"); | 134 | sf += scnprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n"); |
| 134 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS) | 135 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS) |
| 135 | sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n"); | 136 | sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n"); |
| 136 | if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE) | 137 | if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE) |
| 137 | sf += snprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n"); | 138 | sf += scnprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n"); |
| 138 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS) | 139 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS) |
| 139 | sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n"); | 140 | sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n"); |
| 140 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) | 141 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) |
| 141 | sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_SMPS\n"); | 142 | sf += scnprintf(buf + sf, mxln - sf, |
| 143 | "SUPPORTS_DYNAMIC_SMPS\n"); | ||
| 142 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) | 144 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) |
| 143 | sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n"); | 145 | sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n"); |
| 144 | if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) | 146 | if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) |
| 145 | sf += snprintf(buf + sf, mxln - sf, "REPORTS_TX_ACK_STATUS\n"); | 147 | sf += scnprintf(buf + sf, mxln - sf, |
| 148 | "REPORTS_TX_ACK_STATUS\n"); | ||
| 146 | if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) | 149 | if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) |
| 147 | sf += snprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n"); | 150 | sf += scnprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n"); |
| 148 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK) | 151 | if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK) |
| 149 | sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n"); | 152 | sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n"); |
| 150 | if (local->hw.flags & IEEE80211_HW_AP_LINK_PS) | 153 | if (local->hw.flags & IEEE80211_HW_AP_LINK_PS) |
| 151 | sf += snprintf(buf + sf, mxln - sf, "AP_LINK_PS\n"); | 154 | sf += scnprintf(buf + sf, mxln - sf, "AP_LINK_PS\n"); |
| 152 | if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW) | 155 | if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW) |
| 153 | sf += snprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n"); | 156 | sf += scnprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n"); |
| 154 | 157 | ||
| 155 | rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf)); | 158 | rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf)); |
| 156 | kfree(buf); | 159 | kfree(buf); |