linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] atmel: using strlcpy() to avoid possible buffer overflows
@ 2018-06-30  6:33 YueHaibing
  2018-07-02 14:40 ` Kalle Valo
  2018-07-04 15:15 ` [v2] " Kalle Valo
  0 siblings, 2 replies; 4+ messages in thread
From: YueHaibing @ 2018-06-30  6:33 UTC (permalink / raw)
  To: simon, kvalo
  Cc: linux-kernel, netdev, linux-wireless, davem, andy.shevchenko, YueHaibing

'firmware' is a module param which may been longer than firmware_id,
so using strlcpy() to guard against overflows. Also priv is allocated
with zeroed memory,no need to set firmware_id[0] to '\0'.

v1 -> v2: remove priv->firmware_id[0] = '\0';

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
 drivers/net/wireless/atmel/atmel.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/net/wireless/atmel/atmel.c b/drivers/net/wireless/atmel/atmel.c
index b01dc34..cec715b 100644
--- a/drivers/net/wireless/atmel/atmel.c
+++ b/drivers/net/wireless/atmel/atmel.c
@@ -1516,10 +1516,9 @@ struct net_device *init_atmel_card(unsigned short irq, unsigned long port,
 	priv->present_callback = card_present;
 	priv->card = card;
 	priv->firmware = NULL;
-	priv->firmware_id[0] = '\0';
 	priv->firmware_type = fw_type;
 	if (firmware) /* module parameter */
-		strcpy(priv->firmware_id, firmware);
+		strlcpy(priv->firmware_id, firmware, sizeof(priv->firmware_id));
 	priv->bus_type = card_present ? BUS_TYPE_PCCARD : BUS_TYPE_PCI;
 	priv->station_state = STATION_STATE_DOWN;
 	priv->do_rx_crc = 0;
-- 
2.7.0



^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] atmel: using strlcpy() to avoid possible buffer overflows
  2018-06-30  6:33 [PATCH v2] atmel: using strlcpy() to avoid possible buffer overflows YueHaibing
@ 2018-07-02 14:40 ` Kalle Valo
  2018-07-03  1:48   ` YueHaibing
  2018-07-04 15:15 ` [v2] " Kalle Valo
  1 sibling, 1 reply; 4+ messages in thread
From: Kalle Valo @ 2018-07-02 14:40 UTC (permalink / raw)
  To: YueHaibing
  Cc: simon, linux-kernel, netdev, linux-wireless, davem, andy.shevchenko

YueHaibing <yuehaibing@huawei.com> writes:

> 'firmware' is a module param which may been longer than firmware_id,
> so using strlcpy() to guard against overflows. Also priv is allocated
> with zeroed memory,no need to set firmware_id[0] to '\0'.
>
> v1 -> v2: remove priv->firmware_id[0] = '\0';
>
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
> ---
>  drivers/net/wireless/atmel/atmel.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

The changelog should be after "---" line. I can fix it this time, but in
the future please use the correct location.

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches#changelog_missing

-- 
Kalle Valo

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] atmel: using strlcpy() to avoid possible buffer overflows
  2018-07-02 14:40 ` Kalle Valo
@ 2018-07-03  1:48   ` YueHaibing
  0 siblings, 0 replies; 4+ messages in thread
From: YueHaibing @ 2018-07-03  1:48 UTC (permalink / raw)
  To: Kalle Valo
  Cc: simon, linux-kernel, netdev, linux-wireless, davem, andy.shevchenko

On 2018/7/2 22:40, Kalle Valo wrote:
> YueHaibing <yuehaibing@huawei.com> writes:
> 
>> 'firmware' is a module param which may been longer than firmware_id,
>> so using strlcpy() to guard against overflows. Also priv is allocated
>> with zeroed memory,no need to set firmware_id[0] to '\0'.
>>
>> v1 -> v2: remove priv->firmware_id[0] = '\0';
>>
>> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>> ---
>>  drivers/net/wireless/atmel/atmel.c | 3 +--
>>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> The changelog should be after "---" line. I can fix it this time, but in
> the future please use the correct location.

Thank you,will notice it.

> 
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches#changelog_missing
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [v2] atmel: using strlcpy() to avoid possible buffer overflows
  2018-06-30  6:33 [PATCH v2] atmel: using strlcpy() to avoid possible buffer overflows YueHaibing
  2018-07-02 14:40 ` Kalle Valo
@ 2018-07-04 15:15 ` Kalle Valo
  1 sibling, 0 replies; 4+ messages in thread
From: Kalle Valo @ 2018-07-04 15:15 UTC (permalink / raw)
  To: YueHaibing
  Cc: simon, linux-kernel, netdev, linux-wireless, davem,
	andy.shevchenko, YueHaibing

YueHaibing <yuehaibing@huawei.com> wrote:

> 'firmware' is a module param which may been longer than firmware_id,
> so using strlcpy() to guard against overflows. Also priv is allocated
> with zeroed memory,no need to set firmware_id[0] to '\0'.
> 
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>

Patch applied to wireless-drivers-next.git, thanks.

f9cbaeb52930 atmel: using strlcpy() to avoid possible buffer overflows

-- 
https://patchwork.kernel.org/patch/10498009/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-07-04 15:15 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-30  6:33 [PATCH v2] atmel: using strlcpy() to avoid possible buffer overflows YueHaibing
2018-07-02 14:40 ` Kalle Valo
2018-07-03  1:48   ` YueHaibing
2018-07-04 15:15 ` [v2] " Kalle Valo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).