From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Brian Norris <briannorris@chromium.org>,
Kalle Valo <kvalo@codeaurora.org>, Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 3.12 23/38] mwifiex: printk() overflow with 32-byte SSIDs
Date: Tue, 13 Dec 2016 20:52:49 +0100 [thread overview]
Message-ID: <7c2844e30ea4da10b2726c1b8fa8b3829b403490.1481658746.git.jslaby@suse.cz> (raw)
In-Reply-To: <15034b96ec06ee859b67c6cd4e3be569a4ef286b.1481658746.git.jslaby@suse.cz>
In-Reply-To: <cover.1481658746.git.jslaby@suse.cz>
From: Brian Norris <briannorris@chromium.org>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit fcd2042e8d36cf644bd2d69c26378d17158b17df upstream.
SSIDs aren't guaranteed to be 0-terminated. Let's cap the max length
when we print them out.
This can be easily noticed by connecting to a network with a 32-octet
SSID:
[ 3903.502925] mwifiex_pcie 0000:01:00.0: info: trying to associate to
'0123456789abcdef0123456789abcdef <uninitialized mem>' bssid
xx:xx:xx:xx:xx:xx
Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Acked-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/net/wireless/mwifiex/cfg80211.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
index fbad00a5abc8..a664ec1f3b93 100644
--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -1693,8 +1693,9 @@ done:
is_scanning_required = 1;
} else {
dev_dbg(priv->adapter->dev,
- "info: trying to associate to '%s' bssid %pM\n",
- (char *) req_ssid.ssid, bss->bssid);
+ "info: trying to associate to '%.*s' bssid %pM\n",
+ req_ssid.ssid_len, (char *)req_ssid.ssid,
+ bss->bssid);
memcpy(&priv->cfg_bssid, bss->bssid, ETH_ALEN);
break;
}
@@ -1735,8 +1736,8 @@ mwifiex_cfg80211_connect(struct wiphy *wiphy, struct net_device *dev,
return -EINVAL;
}
- wiphy_dbg(wiphy, "info: Trying to associate to %s and bssid %pM\n",
- (char *) sme->ssid, sme->bssid);
+ wiphy_dbg(wiphy, "info: Trying to associate to %.*s and bssid %pM\n",
+ (int)sme->ssid_len, (char *)sme->ssid, sme->bssid);
ret = mwifiex_cfg80211_assoc(priv, sme->ssid_len, sme->ssid, sme->bssid,
priv->bss_mode, sme->channel, sme, 0);
@@ -1859,8 +1860,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,
goto done;
}
- wiphy_dbg(wiphy, "info: trying to join to %s and bssid %pM\n",
- (char *) params->ssid, params->bssid);
+ wiphy_dbg(wiphy, "info: trying to join to %.*s and bssid %pM\n",
+ params->ssid_len, (char *)params->ssid, params->bssid);
mwifiex_set_ibss_params(priv, params);
--
2.11.0
next prev parent reply other threads:[~2016-12-13 19:57 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20161213195251epcas5p33cd25dd883c71a35fd9cdec0b8e8254a@epcas5p3.samsung.com>
2016-12-13 19:52 ` [PATCH 3.12 00/38] 3.12.69-stable review Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 01/38] x86/idle: Restore trace_cpu_idle to mwait_idle() calls Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 02/38] PCI: Fix devfn for VPD access through function 0 Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 03/38] PCI: Use function 0 VPD for identical functions, regular VPD for others Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 04/38] i2c: at91: fix write transfers by clearing pending interrupt first Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 05/38] mtd: blkdevs: fix potential deadlock + lockdep warnings Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 06/38] kernel/panic.c: turn off locks debug before releasing console lock Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 07/38] tty: audit: Fix audit source Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 08/38] Revert "drivers/net: Disable UFO through virtio" Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 09/38] KVM: x86: drop error recovery in em_jmp_far and em_ret_far Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 10/38] usb: chipidea: move the lock initialization to core file Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 11/38] USB: serial: cp210x: add ID for the Zone DPMX Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 12/38] USB: serial: ftdi_sio: add support for TI CC3200 LaunchPad Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 13/38] Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 14/38] scsi: mpt3sas: Fix secure erase premature termination Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 15/38] tile: avoid using clocksource_cyc2ns with absolute cycle count Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 16/38] cfg80211: limit scan results cache size Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 17/38] apparmor: fix change_hat not finding hat after policy replacement Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 18/38] mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 19/38] drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 20/38] x86/traps: Ignore high word of regs->cs in early_fixup_exception() Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 21/38] rcu: Fix soft lockup for rcu_nocb_kthread Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 22/38] PCI: Export pcie_find_root_port Jiri Slaby
2016-12-13 19:52 ` Jiri Slaby [this message]
2016-12-13 19:52 ` [PATCH 3.12 24/38] pwm: Fix device reference leak Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 25/38] ipv6: Set skb->protocol properly for local output Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 26/38] ipv4: " Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 27/38] ALSA: pcm : Call kill_fasync() in stream lock Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 28/38] ip6_tunnel: disable caching when the traffic class is inherited Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 29/38] net: sky2: Fix shutdown crash Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 30/38] l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 31/38] net/sched: pedit: make sure that offset is valid Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 32/38] net/dccp: fix use-after-free in dccp_invalid_packet Jiri Slaby
2016-12-13 19:52 ` [PATCH 3.12 33/38] packet: fix race condition in packet_set_ring Jiri Slaby
2016-12-13 19:53 ` [PATCH 3.12 34/38] net: avoid signed overflows for SO_{SND|RCV}BUFFORCE Jiri Slaby
2016-12-13 19:53 ` [PATCH 3.12 35/38] net: ping: check minimum size on ICMP header length Jiri Slaby
2016-12-13 19:53 ` [PATCH 3.12 36/38] sparc32: Fix inverted invalid_frame_pointer checks on sigreturns Jiri Slaby
2016-12-13 19:53 ` [PATCH 3.12 37/38] sparc64: Fix find_node warning if numa node cannot be found Jiri Slaby
2016-12-13 19:53 ` [PATCH 3.12 38/38] sparc64: fix compile warning section mismatch in find_node() Jiri Slaby
2016-12-14 0:51 ` [PATCH 3.12 00/38] 3.12.69-stable review Shuah Khan
2016-12-17 9:10 ` Jiri Slaby
2016-12-14 3:42 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7c2844e30ea4da10b2726c1b8fa8b3829b403490.1481658746.git.jslaby@suse.cz \
--to=jslaby@suse.cz \
--cc=briannorris@chromium.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).