From ada577c12f7cd8851c999a9f19f62df06df7c39a Mon Sep 17 00:00:00 2001 From: Eliad Peller Date: Wed, 14 Mar 2012 16:15:02 +0200 Subject: [PATCH] mac80211: add NULL terminator to debugfs_netdev write buf Some debugfs write functions call kstrto* functions, which assume the string is null-terminated. Make it valid by changing ieee80211_if_write() to use static buffer instead of allocating one, and set the last char to NULL. (The write functions try to parse some integer/mac address, so 64 bytes buffer should be enough) Signed-off-by: Eliad Peller Signed-off-by: John W. Linville --- net/mac80211/debugfs_netdev.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c index f6de8a6..ef5cf26 100644 --- a/net/mac80211/debugfs_netdev.c +++ b/net/mac80211/debugfs_netdev.c @@ -49,16 +49,15 @@ static ssize_t ieee80211_if_write( size_t count, loff_t *ppos, ssize_t (*write)(struct ieee80211_sub_if_data *, const char *, int)) { - u8 *buf; + char buf[64]; ssize_t ret; - buf = kmalloc(count, GFP_KERNEL); - if (!buf) - return -ENOMEM; + if (count >= sizeof(buf)) + return -E2BIG; - ret = -EFAULT; if (copy_from_user(buf, userbuf, count)) - goto freebuf; + return -EFAULT; + buf[count] = '\0'; ret = -ENODEV; rtnl_lock(); @@ -66,8 +65,6 @@ static ssize_t ieee80211_if_write( ret = (*write)(sdata, buf, count); rtnl_unlock(); -freebuf: - kfree(buf); return ret; } -- 2.7.4