rt2x00: unterminated strlen of user data
authorOne Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Mon, 15 Feb 2016 19:04:56 +0000 (19:04 +0000)
committerKalle Valo <kvalo@codeaurora.org>
Mon, 7 Mar 2016 12:00:25 +0000 (14:00 +0200)
The buffer needs to be zero terminated in case the user data is not.
Otherwise we run off the end of the buffer.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/ralink/rt2x00/rt2x00debug.c

index 25ee3cb8e982db287ac269cac97666ad7dd60ec6..72ae530e4a3bdc499f73ef72e3ce8c85351b8033 100644 (file)
@@ -478,7 +478,7 @@ static ssize_t rt2x00debug_write_##__name(struct file *file,        \
 {                                                              \
        struct rt2x00debug_intf *intf = file->private_data;     \
        const struct rt2x00debug *debug = intf->debug;          \
-       char line[16];                                          \
+       char line[17];                                          \
        size_t size;                                            \
        unsigned int index = intf->offset_##__name;             \
        __type value;                                           \
@@ -494,7 +494,8 @@ static ssize_t rt2x00debug_write_##__name(struct file *file,        \
                                                                \
        if (copy_from_user(line, buf, length))                  \
                return -EFAULT;                                 \
-                                                               \
+       line[16] = 0;                                           \
+                                               \
        size = strlen(line);                                    \
        value = simple_strtoul(line, NULL, 0);                  \
                                                                \
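Review bot: `line[16] = 0;` terminates the buffer at its last byte rather than at the end of the copied data, so a write shorter than 16 bytes that carries no NUL leaves `line[length]` through `line[15]` as uninitialised stack contents, which `strlen()` and `simple_strtoul()` then read. Terminating at the copied length with `line[length] = 0;`, or declaring `char line[17] = { 0 };` in the first hunk, keeps both calls inside the bytes the user actually supplied. The length check sits between the two hunks and is not visible here; if it still compares against `sizeof(line)`, it now admits 17 bytes and would need to become `length >= sizeof(line)` so that the terminator index stays in range and the last byte is not silently overwritten. The added blank continuation line also has its backslash out of column with the rest of the macro body, which continues outside the hunk.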