summaryrefslogtreecommitdiffstats
path: root/net/mac80211/debugfs.c
diff options
context:
space:
mode:
authorEliad Peller <eliad@wizery.com>2013-08-27 12:40:15 +0300
committerJohannes Berg <johannes.berg@intel.com>2013-10-01 12:16:51 +0200
commitf364ef99a8e82ee27933d6a0cf5cc1f27e9f0df9 (patch)
tree1efd470df60143de6acd2beb73314f7f173711ad /net/mac80211/debugfs.c
parentee4bc9e75811d2c0cb5f2a2fc5b51ff037a01f47 (diff)
downloadop-kernel-dev-f364ef99a8e82ee27933d6a0cf5cc1f27e9f0df9.zip
op-kernel-dev-f364ef99a8e82ee27933d6a0cf5cc1f27e9f0df9.tar.gz
mac80211: fix some snprintf misuses
In some debugfs related functions snprintf was used while scnprintf should have been used instead. (blindly adding the return value of snprintf and supplying it to the next snprintf might result in buffer overflow when the input is too big) Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211/debugfs.c')
-rw-r--r--net/mac80211/debugfs.c55
1 files changed, 29 insertions, 26 deletions
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index b0e32d6..5c090e4 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -103,54 +103,57 @@ static ssize_t hwflags_read(struct file *file, char __user *user_buf,
if (!buf)
return 0;
- sf += snprintf(buf, mxln - sf, "0x%x\n", local->hw.flags);
+ sf += scnprintf(buf, mxln - sf, "0x%x\n", local->hw.flags);
if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
- sf += snprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n");
+ sf += scnprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n");
if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
- sf += snprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n");
+ sf += scnprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n");
if (local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING)
- sf += snprintf(buf + sf, mxln - sf,
- "HOST_BCAST_PS_BUFFERING\n");
+ sf += scnprintf(buf + sf, mxln - sf,
+ "HOST_BCAST_PS_BUFFERING\n");
if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)
- sf += snprintf(buf + sf, mxln - sf,
- "2GHZ_SHORT_SLOT_INCAPABLE\n");
+ sf += scnprintf(buf + sf, mxln - sf,
+ "2GHZ_SHORT_SLOT_INCAPABLE\n");
if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)
- sf += snprintf(buf + sf, mxln - sf,
- "2GHZ_SHORT_PREAMBLE_INCAPABLE\n");
+ sf += scnprintf(buf + sf, mxln - sf,
+ "2GHZ_SHORT_PREAMBLE_INCAPABLE\n");
if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
- sf += snprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n");
+ sf += scnprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n");
if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
- sf += snprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n");
+ sf += scnprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n");
if (local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC)
- sf += snprintf(buf + sf, mxln - sf, "NEED_DTIM_BEFORE_ASSOC\n");
+ sf += scnprintf(buf + sf, mxln - sf,
+ "NEED_DTIM_BEFORE_ASSOC\n");
if (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)
- sf += snprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n");
+ sf += scnprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n");
if (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)
- sf += snprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n");
+ sf += scnprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n");
if (local->hw.flags & IEEE80211_HW_SUPPORTS_PS)
- sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n");
+ sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n");
if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
- sf += snprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n");
+ sf += scnprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n");
if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
- sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n");
+ sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n");
if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE)
- sf += snprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n");
+ sf += scnprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n");
if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS)
- sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n");
+ sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n");
if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
- sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_SMPS\n");
+ sf += scnprintf(buf + sf, mxln - sf,
+ "SUPPORTS_DYNAMIC_SMPS\n");
if (local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)
- sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n");
+ sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n");
if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
- sf += snprintf(buf + sf, mxln - sf, "REPORTS_TX_ACK_STATUS\n");
+ sf += scnprintf(buf + sf, mxln - sf,
+ "REPORTS_TX_ACK_STATUS\n");
if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
- sf += snprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n");
+ sf += scnprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n");
if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)
- sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");
+ sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");
if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
- sf += snprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");
+ sf += scnprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");
if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)
- sf += snprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n");
+ sf += scnprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n");
rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
kfree(buf);
OpenPOWER on IntegriCloud