From: Chen Gang <gang.chen@asianux.com>
To: "John W. Linville" <linville@tuxdriver.com>
Cc: linux-wireless@vger.kernel.org, netdev <netdev@vger.kernel.org>
Subject: Re: [PATCH] drivers/net/wireless: need consider the not '\0' terminated string.
Date: Sun, 20 Jan 2013 15:21:20 +0800
Message-ID: <50FB9AF0.2090200@asianux.com>
In-Reply-To: <50EBAF8F.7030704@asianux.com>

Hello John W. Linville:

When you have free time, could you give this patch a glance?

Thanks.

gchen.

On 2013-01-08 13:33, Chen Gang wrote:
>
> in ray_cs.c:
>   the a_current_ess_id is "Null terminated unless ESSID_SIZE long",
>   so we need to buffer it with '\0' first, before using strlen or %s.
>
> additional information:
>   in drivers/net/wireless/rayctl.h:
>     "NULL terminated unless 32 long" is a comment at lines 616 and 664
>     ESSID_SIZE is 32, at line 190
>   in include/uapi/linux/wireless.h:
>     IW_ESSID_MAX_SIZE is also 32
>   in drivers/net/wireless/ray_cs.c:
>     use strncpy for it, without '\0' termination, at line 639
>     use memcpy for it, assuming it is not '\0' terminated, at lines 1092..1097
>     buffer it with '\0' first, before using %s, at lines 2576, 2598..2600
>
> Signed-off-by: Chen Gang <gang.chen@asianux.com>
> ---
> drivers/net/wireless/ray_cs.c | 19 ++++++++++++++-----
> 1 file changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c
> index 598ca1c..e7cf37f 100644
> --- a/drivers/net/wireless/ray_cs.c
> +++ b/drivers/net/wireless/ray_cs.c
> @@ -1107,12 +1107,15 @@ static int ray_get_essid(struct net_device *dev, struct iw_request_info *info,
> union iwreq_data *wrqu, char *extra)
> {
> ray_dev_t *local = netdev_priv(dev);
> + UCHAR tmp[IW_ESSID_MAX_SIZE + 1];
>
> /* Get the essid that was set */
> memcpy(extra, local->sparm.b5.a_current_ess_id, IW_ESSID_MAX_SIZE);
> + memcpy(tmp, local->sparm.b5.a_current_ess_id, IW_ESSID_MAX_SIZE);
> + tmp[IW_ESSID_MAX_SIZE] = '\0';
>
> /* Push it out ! */
> - wrqu->essid.length = strlen(extra);
> + wrqu->essid.length = strlen(tmp);
> wrqu->essid.flags = 1; /* active */
>
> return 0;
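
Review bot: the `tmp` copy in ray_get_essid() is not needed to bound the length, since `extra` already holds the same IW_ESSID_MAX_SIZE bytes; `wrqu->essid.length = strnlen(extra, IW_ESSID_MAX_SIZE);` gives the same result without a second memcpy or a 33-byte stack buffer. As written, `tmp` is declared `UCHAR` and passed to strlen(), which takes a `const char *`, so the call also needs a cast or a `char` array to avoid a pointer-signedness warning. The source field is the driver's own `a_current_ess_id`, which the commit message sizes by ESSID_SIZE; the copy here relies on IW_ESSID_MAX_SIZE being the same value, which deserves a comment or a build-time check.
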
> @@ -1842,6 +1845,8 @@ static irqreturn_t ray_interrupt(int irq, void *dev_id)
> UCHAR tmp;
> UCHAR cmd;
> UCHAR status;
> + UCHAR memtmp[ESSID_SIZE + 1];
> +
>
> if (dev == NULL) /* Note that we want interrupts with dev->start == 0 */
> return IRQ_NONE;
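
Review bot: the added empty `+` line after the `memtmp` declaration leaves two blank lines in a row before `if (dev == NULL)`; drop it. The name `memtmp` says nothing about its contents, and sitting next to the existing `UCHAR tmp;` it is easy to confuse; something like `essid` would read better in the dev_dbg() calls that use it.
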
> @@ -1901,17 +1906,21 @@ static irqreturn_t ray_interrupt(int irq, void *dev_id)
> break;
> case CCS_START_NETWORK:
> case CCS_JOIN_NETWORK:
> + memcpy(memtmp, local->sparm.b4.a_current_ess_id,
> + ESSID_SIZE);
> + memtmp[ESSID_SIZE] = '\0';
> +
> if (status == CCS_COMMAND_COMPLETE) {
> if (readb
> (&pccs->var.start_network.net_initiated) ==
> 1) {
> dev_dbg(&link->dev,
> "ray_cs interrupt network \"%s\" started\n",
> - local->sparm.b4.a_current_ess_id);
> + memtmp);
> } else {
> dev_dbg(&link->dev,
> "ray_cs interrupt network \"%s\" joined\n",
> - local->sparm.b4.a_current_ess_id);
> + memtmp);
> }
> memcpy_fromio(&local->bss_id,
> pccs->var.start_network.bssid,
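
Review bot: the memcpy into `memtmp` at the top of the CCS_START_NETWORK / CCS_JOIN_NETWORK case runs in the interrupt handler on every such event, although the buffer is only ever consumed by dev_dbg(). A precision-bounded format avoids both the copy and the stack buffer: `"ray_cs interrupt network \"%.*s\" started\n", ESSID_SIZE, local->sparm.b4.a_current_ess_id` stops reading after ESSID_SIZE bytes when the field is not terminated. If the buffer is kept, a one-line comment stating that `a_current_ess_id` is not terminated when it is ESSID_SIZE long would explain why the copy exists.
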
> @@ -1939,12 +1948,12 @@ static irqreturn_t ray_interrupt(int irq, void *dev_id)
> if (status == CCS_START_NETWORK) {
> dev_dbg(&link->dev,
> "ray_cs interrupt network \"%s\" start failed\n",
> - local->sparm.b4.a_current_ess_id);
> + memtmp);
> local->timer.function = start_net;
> } else {
> dev_dbg(&link->dev,
> "ray_cs interrupt network \"%s\" join failed\n",
> - local->sparm.b4.a_current_ess_id);
> + memtmp);
> local->timer.function = join_net;
> }
> add_timer(&local->timer);
>
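
Review bot: these two failure-path messages depend on `memtmp` having been filled before the `status == CCS_COMMAND_COMPLETE` test in the previous hunk, which is correct as posted but easy to break if the copy is later moved inside that branch; the `%.*s` form with ESSID_SIZE would remove that dependency. Separately, and not introduced by this patch, the context line `if (status == CCS_START_NETWORK)` compares `status` with a value that appears as a case label next to CCS_JOIN_NETWORK, while `status` is otherwise compared with CCS_COMMAND_COMPLETE; it is worth confirming whether `cmd` was intended there, since the test selects both the message and whether `start_net` or `join_net` is re-armed.
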
--
Chen Gang
Asianux Corporation