mac80211: add NULL terminator to debugfs_netdev write buf

Some debugfs write functions call kstrto* functions, which
assume the string is null-terminated. Make it valid by changing
ieee80211_if_write() to use static buffer instead of allocating
one, and set the last char to NULL.

(The write functions try to parse some integer/mac address,
so 64 bytes buffer should be enough)

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

1 files changed, 5 insertions, 8 deletions

diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index f6de8a65f402..ef5cf2685657 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -49,16 +49,15 @@ static ssize_t ieee80211_if_write(
         size_t count, loff_t *ppos,
         ssize_t (*write)(struct ieee80211_sub_if_data *, const char *, int))
 {
-        u8 *buf;
+        char buf[64];
         ssize_t ret;
 
-        buf = kmalloc(count, GFP_KERNEL);
-        if (!buf)
-                return -ENOMEM;
+        if (count >= sizeof(buf))
+                return -E2BIG;
 
-        ret = -EFAULT;
         if (copy_from_user(buf, userbuf, count))
-                goto freebuf;
+                return -EFAULT;
+        buf[count] = '\0';
 
         ret = -ENODEV;
         rtnl_lock();
@@ -66,8 +65,6 @@ static ssize_t ieee80211_if_write(
                 ret = (*write)(sdata, buf, count);
         rtnl_unlock();
 
-freebuf:
-        kfree(buf);
         return ret;
 }