From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Brian Norris <briannorris@chromium.org>,
Amitkumar Karwar <akarwar@marvell.com>,
Kalle Valo <kvalo@codeaurora.org>
Subject: [PATCH 4.4 09/13] mwifiex: printk() overflow with 32-byte SSIDs
Date: Wed, 7 Dec 2016 08:07:48 +0100 [thread overview]
Message-ID: <20161207070717.022595415@linuxfoundation.org> (raw)
In-Reply-To: <20161207070716.317145973@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Brian Norris <briannorris@chromium.org>
commit fcd2042e8d36cf644bd2d69c26378d17158b17df upstream.
SSIDs aren't guaranteed to be 0-terminated. Let's cap the max length
when we print them out.
This can be easily noticed by connecting to a network with a 32-octet
SSID:
[ 3903.502925] mwifiex_pcie 0000:01:00.0: info: trying to associate to
'0123456789abcdef0123456789abcdef <uninitialized mem>' bssid
xx:xx:xx:xx:xx:xx
Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Acked-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/mwifiex/cfg80211.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -2144,8 +2144,9 @@ done:
is_scanning_required = 1;
} else {
mwifiex_dbg(priv->adapter, MSG,
- "info: trying to associate to '%s' bssid %pM\n",
- (char *)req_ssid.ssid, bss->bssid);
+ "info: trying to associate to '%.*s' bssid %pM\n",
+ req_ssid.ssid_len, (char *)req_ssid.ssid,
+ bss->bssid);
memcpy(&priv->cfg_bssid, bss->bssid, ETH_ALEN);
break;
}
@@ -2202,8 +2203,8 @@ mwifiex_cfg80211_connect(struct wiphy *w
}
mwifiex_dbg(adapter, INFO,
- "info: Trying to associate to %s and bssid %pM\n",
- (char *)sme->ssid, sme->bssid);
+ "info: Trying to associate to %.*s and bssid %pM\n",
+ (int)sme->ssid_len, (char *)sme->ssid, sme->bssid);
ret = mwifiex_cfg80211_assoc(priv, sme->ssid_len, sme->ssid, sme->bssid,
priv->bss_mode, sme->channel, sme, 0);
@@ -2333,8 +2334,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy
}
mwifiex_dbg(priv->adapter, MSG,
- "info: trying to join to %s and bssid %pM\n",
- (char *)params->ssid, params->bssid);
+ "info: trying to join to %.*s and bssid %pM\n",
+ params->ssid_len, (char *)params->ssid, params->bssid);
mwifiex_set_ibss_params(priv, params);
next prev parent reply other threads:[~2016-12-07 7:08 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20161207070805epcas3p1487b13063215635759cae58441ad906a@epcas3p1.samsung.com>
2016-12-07 7:07 ` [PATCH 4.4 00/13] 4.4.37-stable review Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 01/13] ARC: Dont use "+l" inline asm constraint Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 02/13] zram: fix unbalanced idr management at hot removal Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 03/13] kasan: update kasan_global for gcc 7 Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 04/13] x86/traps: Ignore high word of regs->cs in early_fixup_exception() Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 05/13] ALSA: pcm : Call kill_fasync() in stream lock Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 06/13] rcu: Fix soft lockup for rcu_nocb_kthread Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 07/13] PCI: Export pcie_find_root_port Greg Kroah-Hartman
2016-12-07 7:07 ` Greg Kroah-Hartman [this message]
2016-12-07 7:07 ` [PATCH 4.4 10/13] pwm: Fix device reference leak Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 11/13] arm64: cpufeature: Schedule enable() calls instead of calling them via IPI Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 12/13] arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call Greg Kroah-Hartman
2016-12-07 7:07 ` [PATCH 4.4 13/13] arm64: suspend: Reconfigure PSTATE after resume from idle Greg Kroah-Hartman
2016-12-07 16:07 ` [PATCH 4.4 00/13] 4.4.37-stable review Guenter Roeck
2016-12-07 18:17 ` Shuah Khan
[not found] ` <5847f96a.45f6c20a.fab5.7b38@mx.google.com>
[not found] ` <m2inqvekqu.fsf@baylibre.com>
2016-12-08 16:25 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161207070717.022595415@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akarwar@marvell.com \
--cc=briannorris@chromium.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.