* [patch] ath6kl: use a larger buffer for debug output
@ 2011-11-18 14:09 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2011-11-18 14:09 UTC (permalink / raw)
To: Kalle Valo; +Cc: John W. Linville, linux-wireless, kernel-janitors
This function makes the static checkers grumble. The return value of
snprintf() is the number of bytes which would have been copied if
there was enough space. In theory, a %u can take take 10 digits so
len could be larger than 16 and it would be a small information
leak.
We may as well make the buffer larger as well since that is very
easy to do.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/net/wireless/ath/ath6kl/debug.c b/drivers/net/wireless/ath/ath6kl/debug.c
index 9eff0d0..e632008 100644
--- a/drivers/net/wireless/ath/ath6kl/debug.c
+++ b/drivers/net/wireless/ath/ath6kl/debug.c
@@ -1551,11 +1551,12 @@ static ssize_t ath6kl_listen_int_read(struct file *file,
size_t count, loff_t *ppos)
{
struct ath6kl *ar = file->private_data;
- char buf[16];
+ char buf[32];
int len;
len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
ar->listen_intvl_b);
+ len = min(sizeof(buf), len);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [patch] ath6kl: use a larger buffer for debug output
@ 2011-11-18 14:09 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2011-11-18 14:09 UTC (permalink / raw)
To: Kalle Valo; +Cc: John W. Linville, linux-wireless, kernel-janitors
This function makes the static checkers grumble. The return value of
snprintf() is the number of bytes which would have been copied if
there was enough space. In theory, a %u can take take 10 digits so
len could be larger than 16 and it would be a small information
leak.
We may as well make the buffer larger as well since that is very
easy to do.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/net/wireless/ath/ath6kl/debug.c b/drivers/net/wireless/ath/ath6kl/debug.c
index 9eff0d0..e632008 100644
--- a/drivers/net/wireless/ath/ath6kl/debug.c
+++ b/drivers/net/wireless/ath/ath6kl/debug.c
@@ -1551,11 +1551,12 @@ static ssize_t ath6kl_listen_int_read(struct file *file,
size_t count, loff_t *ppos)
{
struct ath6kl *ar = file->private_data;
- char buf[16];
+ char buf[32];
int len;
len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
ar->listen_intvl_b);
+ len = min(sizeof(buf), len);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [patch] ath6kl: use a larger buffer for debug output
2011-11-18 14:09 ` Dan Carpenter
@ 2011-11-18 14:11 ` Johannes Berg
-1 siblings, 0 replies; 12+ messages in thread
From: Johannes Berg @ 2011-11-18 14:11 UTC (permalink / raw)
To: Dan Carpenter
Cc: Kalle Valo, John W. Linville, linux-wireless, kernel-janitors
On Fri, 2011-11-18 at 17:09 +0300, Dan Carpenter wrote:
> This function makes the static checkers grumble. The return value of
> snprintf() is the number of bytes which would have been copied if
> there was enough space. In theory, a %u can take take 10 digits so
> len could be larger than 16 and it would be a small information
> leak.
>
> We may as well make the buffer larger as well since that is very
> easy to do.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/net/wireless/ath/ath6kl/debug.c b/drivers/net/wireless/ath/ath6kl/debug.c
> index 9eff0d0..e632008 100644
> --- a/drivers/net/wireless/ath/ath6kl/debug.c
> +++ b/drivers/net/wireless/ath/ath6kl/debug.c
> @@ -1551,11 +1551,12 @@ static ssize_t ath6kl_listen_int_read(struct file *file,
> size_t count, loff_t *ppos)
> {
> struct ath6kl *ar = file->private_data;
> - char buf[16];
> + char buf[32];
> int len;
>
> len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
> ar->listen_intvl_b);
> + len = min(sizeof(buf), len);
Maybe that should be scnprintf instead then?
johannes
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [patch] ath6kl: use a larger buffer for debug output
@ 2011-11-18 14:11 ` Johannes Berg
0 siblings, 0 replies; 12+ messages in thread
From: Johannes Berg @ 2011-11-18 14:11 UTC (permalink / raw)
To: Dan Carpenter
Cc: Kalle Valo, John W. Linville, linux-wireless, kernel-janitors
On Fri, 2011-11-18 at 17:09 +0300, Dan Carpenter wrote:
> This function makes the static checkers grumble. The return value of
> snprintf() is the number of bytes which would have been copied if
> there was enough space. In theory, a %u can take take 10 digits so
> len could be larger than 16 and it would be a small information
> leak.
>
> We may as well make the buffer larger as well since that is very
> easy to do.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/net/wireless/ath/ath6kl/debug.c b/drivers/net/wireless/ath/ath6kl/debug.c
> index 9eff0d0..e632008 100644
> --- a/drivers/net/wireless/ath/ath6kl/debug.c
> +++ b/drivers/net/wireless/ath/ath6kl/debug.c
> @@ -1551,11 +1551,12 @@ static ssize_t ath6kl_listen_int_read(struct file *file,
> size_t count, loff_t *ppos)
> {
> struct ath6kl *ar = file->private_data;
> - char buf[16];
> + char buf[32];
> int len;
>
> len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
> ar->listen_intvl_b);
> + len = min(sizeof(buf), len);
Maybe that should be scnprintf instead then?
johannes
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [patch] ath6kl: use a larger buffer for debug output
2011-11-18 14:11 ` Johannes Berg
@ 2011-11-21 16:55 ` Kalle Valo
-1 siblings, 0 replies; 12+ messages in thread
From: Kalle Valo @ 2011-11-21 16:55 UTC (permalink / raw)
To: Johannes Berg
Cc: Dan Carpenter, John W. Linville, linux-wireless, kernel-janitors
On 11/18/2011 04:11 PM, Johannes Berg wrote:
> On Fri, 2011-11-18 at 17:09 +0300, Dan Carpenter wrote:
>> This function makes the static checkers grumble. The return value of
>> snprintf() is the number of bytes which would have been copied if
>> there was enough space. In theory, a %u can take take 10 digits so
>> len could be larger than 16 and it would be a small information
>> leak.
>>
>> We may as well make the buffer larger as well since that is very
>> easy to do.
>>
>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>
>> diff --git a/drivers/net/wireless/ath/ath6kl/debug.c b/drivers/net/wireless/ath/ath6kl/debug.c
>> index 9eff0d0..e632008 100644
>> --- a/drivers/net/wireless/ath/ath6kl/debug.c
>> +++ b/drivers/net/wireless/ath/ath6kl/debug.c
>> @@ -1551,11 +1551,12 @@ static ssize_t ath6kl_listen_int_read(struct file *file,
>> size_t count, loff_t *ppos)
>> {
>> struct ath6kl *ar = file->private_data;
>> - char buf[16];
>> + char buf[32];
>> int len;
>>
>> len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
>> ar->listen_intvl_b);
>> + len = min(sizeof(buf), len);
>
> Maybe that should be scnprintf instead then?
Yeah, I agree. And most likely debug.c has even more cases where
scnprintf() is needed.
Kalle
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [patch] ath6kl: use a larger buffer for debug output
@ 2011-11-21 16:55 ` Kalle Valo
0 siblings, 0 replies; 12+ messages in thread
From: Kalle Valo @ 2011-11-21 16:55 UTC (permalink / raw)
To: Johannes Berg
Cc: Dan Carpenter, John W. Linville, linux-wireless, kernel-janitors
On 11/18/2011 04:11 PM, Johannes Berg wrote:
> On Fri, 2011-11-18 at 17:09 +0300, Dan Carpenter wrote:
>> This function makes the static checkers grumble. The return value of
>> snprintf() is the number of bytes which would have been copied if
>> there was enough space. In theory, a %u can take take 10 digits so
>> len could be larger than 16 and it would be a small information
>> leak.
>>
>> We may as well make the buffer larger as well since that is very
>> easy to do.
>>
>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>
>> diff --git a/drivers/net/wireless/ath/ath6kl/debug.c b/drivers/net/wireless/ath/ath6kl/debug.c
>> index 9eff0d0..e632008 100644
>> --- a/drivers/net/wireless/ath/ath6kl/debug.c
>> +++ b/drivers/net/wireless/ath/ath6kl/debug.c
>> @@ -1551,11 +1551,12 @@ static ssize_t ath6kl_listen_int_read(struct file *file,
>> size_t count, loff_t *ppos)
>> {
>> struct ath6kl *ar = file->private_data;
>> - char buf[16];
>> + char buf[32];
>> int len;
>>
>> len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
>> ar->listen_intvl_b);
>> + len = min(sizeof(buf), len);
>
> Maybe that should be scnprintf instead then?
Yeah, I agree. And most likely debug.c has even more cases where
scnprintf() is needed.
Kalle
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [patch] ath6kl: use a larger buffer for debug output
2011-11-21 16:55 ` Kalle Valo
@ 2011-11-21 19:58 ` Dan Carpenter
-1 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2011-11-21 19:58 UTC (permalink / raw)
To: Kalle Valo
Cc: Johannes Berg, John W. Linville, linux-wireless, kernel-janitors
[-- Attachment #1: Type: text/plain, Size: 528 bytes --]
On Mon, Nov 21, 2011 at 06:55:11PM +0200, Kalle Valo wrote:
> >> len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
> >> ar->listen_intvl_b);
> >> + len = min(sizeof(buf), len);
> >
> > Maybe that should be scnprintf instead then?
>
> Yeah, I agree. And most likely debug.c has even more cases where
> scnprintf() is needed.
>
Yes yes. Obviously. I sent the patch at 5 pm on Friday and lost
track of it for a bit. I'll send a fixed version tomorrow morning.
regards,
dan carpenter
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [patch] ath6kl: use a larger buffer for debug output
@ 2011-11-21 19:58 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2011-11-21 19:58 UTC (permalink / raw)
To: Kalle Valo
Cc: Johannes Berg, John W. Linville, linux-wireless, kernel-janitors
[-- Attachment #1: Type: text/plain, Size: 528 bytes --]
On Mon, Nov 21, 2011 at 06:55:11PM +0200, Kalle Valo wrote:
> >> len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
> >> ar->listen_intvl_b);
> >> + len = min(sizeof(buf), len);
> >
> > Maybe that should be scnprintf instead then?
>
> Yeah, I agree. And most likely debug.c has even more cases where
> scnprintf() is needed.
>
Yes yes. Obviously. I sent the patch at 5 pm on Friday and lost
track of it for a bit. I'll send a fixed version tomorrow morning.
regards,
dan carpenter
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* [patch v2] ath6kl: use a larger buffer for debug output
2011-11-18 14:11 ` Johannes Berg
@ 2011-11-23 6:34 ` Dan Carpenter
-1 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2011-11-23 6:34 UTC (permalink / raw)
To: Johannes Berg
Cc: Kalle Valo, John W. Linville, linux-wireless, kernel-janitors
[-- Attachment #1: Type: text/plain, Size: 1111 bytes --]
The return value of snprintf() is the number of bytes which would
have been copied if there was enough space, but we want the number of
bytes actually copied. The scnprintf() function does this.
Also in theory, a %u can take take 10 digits so we may as well make
the buffer larger as well.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: I didn't know about the scnprintf() function before. Thanks
Johannes.
diff --git a/drivers/net/wireless/ath/ath6kl/debug.c b/drivers/net/wireless/ath/ath6kl/debug.c
index 9eff0d0..eb808b4 100644
--- a/drivers/net/wireless/ath/ath6kl/debug.c
+++ b/drivers/net/wireless/ath/ath6kl/debug.c
@@ -1551,10 +1551,10 @@ static ssize_t ath6kl_listen_int_read(struct file *file,
size_t count, loff_t *ppos)
{
struct ath6kl *ar = file->private_data;
- char buf[16];
+ char buf[32];
int len;
- len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
+ len = scnprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
ar->listen_intvl_b);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [patch v2] ath6kl: use a larger buffer for debug output
@ 2011-11-23 6:34 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2011-11-23 6:34 UTC (permalink / raw)
To: Johannes Berg
Cc: Kalle Valo, John W. Linville, linux-wireless, kernel-janitors
[-- Attachment #1: Type: text/plain, Size: 1111 bytes --]
The return value of snprintf() is the number of bytes which would
have been copied if there was enough space, but we want the number of
bytes actually copied. The scnprintf() function does this.
Also in theory, a %u can take take 10 digits so we may as well make
the buffer larger as well.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: I didn't know about the scnprintf() function before. Thanks
Johannes.
diff --git a/drivers/net/wireless/ath/ath6kl/debug.c b/drivers/net/wireless/ath/ath6kl/debug.c
index 9eff0d0..eb808b4 100644
--- a/drivers/net/wireless/ath/ath6kl/debug.c
+++ b/drivers/net/wireless/ath/ath6kl/debug.c
@@ -1551,10 +1551,10 @@ static ssize_t ath6kl_listen_int_read(struct file *file,
size_t count, loff_t *ppos)
{
struct ath6kl *ar = file->private_data;
- char buf[16];
+ char buf[32];
int len;
- len = snprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
+ len = scnprintf(buf, sizeof(buf), "%u %u\n", ar->listen_intvl_t,
ar->listen_intvl_b);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [patch v2] ath6kl: use a larger buffer for debug output
2011-11-23 6:34 ` Dan Carpenter
@ 2011-11-24 12:29 ` Kalle Valo
-1 siblings, 0 replies; 12+ messages in thread
From: Kalle Valo @ 2011-11-24 12:29 UTC (permalink / raw)
To: Dan Carpenter
Cc: Johannes Berg, John W. Linville, linux-wireless, kernel-janitors
On 11/23/2011 08:34 AM, Dan Carpenter wrote:
> The return value of snprintf() is the number of bytes which would
> have been copied if there was enough space, but we want the number of
> bytes actually copied. The scnprintf() function does this.
>
> Also in theory, a %u can take take 10 digits so we may as well make
> the buffer larger as well.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Thanks, applied.
> v2: I didn't know about the scnprintf() function before. Thanks
> Johannes.
Me neither, so thank you from me as well :)
Kalle
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [patch v2] ath6kl: use a larger buffer for debug output
@ 2011-11-24 12:29 ` Kalle Valo
0 siblings, 0 replies; 12+ messages in thread
From: Kalle Valo @ 2011-11-24 12:29 UTC (permalink / raw)
To: Dan Carpenter
Cc: Johannes Berg, John W. Linville, linux-wireless, kernel-janitors
On 11/23/2011 08:34 AM, Dan Carpenter wrote:
> The return value of snprintf() is the number of bytes which would
> have been copied if there was enough space, but we want the number of
> bytes actually copied. The scnprintf() function does this.
>
> Also in theory, a %u can take take 10 digits so we may as well make
> the buffer larger as well.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Thanks, applied.
> v2: I didn't know about the scnprintf() function before. Thanks
> Johannes.
Me neither, so thank you from me as well :)
Kalle
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2011-11-24 12:30 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-11-18 14:09 [patch] ath6kl: use a larger buffer for debug output Dan Carpenter
2011-11-18 14:09 ` Dan Carpenter
2011-11-18 14:11 ` Johannes Berg
2011-11-18 14:11 ` Johannes Berg
2011-11-21 16:55 ` Kalle Valo
2011-11-21 16:55 ` Kalle Valo
2011-11-21 19:58 ` Dan Carpenter
2011-11-21 19:58 ` Dan Carpenter
2011-11-23 6:34 ` [patch v2] " Dan Carpenter
2011-11-23 6:34 ` Dan Carpenter
2011-11-24 12:29 ` Kalle Valo
2011-11-24 12:29 ` Kalle Valo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.