From: Eliad Peller Date: Wed, 14 Mar 2012 14:15:02 +0000 (+0200) Subject: mac80211: add NULL terminator to debugfs_netdev write buf X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ada577c12f7cd8851c999a9f19f62df06df7c39a;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git mac80211: add NULL terminator to debugfs_netdev write buf Some debugfs write functions call kstrto* functions, which assume the string is null-terminated. Make it valid by changing ieee80211_if_write() to use static buffer instead of allocating one, and set the last char to NULL. (The write functions try to parse some integer/mac address, so 64 bytes buffer should be enough) Signed-off-by: Eliad Peller Signed-off-by: John W. Linville --- diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c index f6de8a65f402..ef5cf2685657 100644 --- a/net/mac80211/debugfs_netdev.c +++ b/net/mac80211/debugfs_netdev.c @@ -49,16 +49,15 @@ static ssize_t ieee80211_if_write( size_t count, loff_t *ppos, ssize_t (*write)(struct ieee80211_sub_if_data *, const char *, int)) { - u8 *buf; + char buf[64]; ssize_t ret; - buf = kmalloc(count, GFP_KERNEL); - if (!buf) - return -ENOMEM; + if (count >= sizeof(buf)) + return -E2BIG; - ret = -EFAULT; if (copy_from_user(buf, userbuf, count)) - goto freebuf; + return -EFAULT; + buf[count] = '\0'; ret = -ENODEV; rtnl_lock(); @@ -66,8 +65,6 @@ static ssize_t ieee80211_if_write( ret = (*write)(sdata, buf, count); rtnl_unlock(); -freebuf: - kfree(buf); return ret; }