public inbox for kernel-janitors@vger.kernel.org
 help / color / mirror / Atom feed
* [patch] cfg80211: off by one in ieee80211_bss()
@ 2013-01-24  6:40 Dan Carpenter
  2013-01-24  7:28 ` Luciano Coelho
  2013-01-24 14:47 ` Johannes Berg
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2013-01-24  6:40 UTC (permalink / raw)
  To: Johannes Berg; +Cc: John W. Linville, linux-wireless, kernel-janitors

We do a:

	sprintf(buf, " Last beacon: %ums ago",
		elapsed_jiffies_msecs(bss->ts));

elapsed_jiffies_msecs() can return a 10 digit number so "buf" needs to
be 31 characters long.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 01592d7..45f1618 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1358,7 +1358,7 @@ ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
 						  &iwe, IW_EV_UINT_LEN);
 	}
 
-	buf = kmalloc(30, GFP_ATOMIC);
+	buf = kmalloc(31, GFP_ATOMIC);
 	if (buf) {
 		memset(&iwe, 0, sizeof(iwe));
 		iwe.cmd = IWEVCUSTOM;

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [patch] cfg80211: off by one in ieee80211_bss()
  2013-01-24  6:40 [patch] cfg80211: off by one in ieee80211_bss() Dan Carpenter
@ 2013-01-24  7:28 ` Luciano Coelho
  2013-01-24 14:47 ` Johannes Berg
  1 sibling, 0 replies; 3+ messages in thread
From: Luciano Coelho @ 2013-01-24  7:28 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Johannes Berg, John W. Linville, linux-wireless, kernel-janitors

On Thu, 2013-01-24 at 09:40 +0300, Dan Carpenter wrote:
> We do a:
> 
> 	sprintf(buf, " Last beacon: %ums ago",
> 		elapsed_jiffies_msecs(bss->ts));
> 
> elapsed_jiffies_msecs() can return a 10 digit number so "buf" needs to
> be 31 characters long.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/net/wireless/scan.c b/net/wireless/scan.c
> index 01592d7..45f1618 100644
> --- a/net/wireless/scan.c
> +++ b/net/wireless/scan.c
> @@ -1358,7 +1358,7 @@ ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
>  						  &iwe, IW_EV_UINT_LEN);
>  	}
>  
> -	buf = kmalloc(30, GFP_ATOMIC);
> +	buf = kmalloc(31, GFP_ATOMIC);
>  	if (buf) {
>  		memset(&iwe, 0, sizeof(iwe));
>  		iwe.cmd = IWEVCUSTOM;

Looks good.  Also, to be on the safe side, shouldn't snprintf be used
when writing to buf as well? Same thing higher up where the same buf is
used and alloc'ed 50 bytes...

--
Luca.


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [patch] cfg80211: off by one in ieee80211_bss()
  2013-01-24  6:40 [patch] cfg80211: off by one in ieee80211_bss() Dan Carpenter
  2013-01-24  7:28 ` Luciano Coelho
@ 2013-01-24 14:47 ` Johannes Berg
  1 sibling, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2013-01-24 14:47 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: John W. Linville, linux-wireless, kernel-janitors

On Thu, 2013-01-24 at 09:40 +0300, Dan Carpenter wrote:
> We do a:
> 
> 	sprintf(buf, " Last beacon: %ums ago",
> 		elapsed_jiffies_msecs(bss->ts));
> 
> elapsed_jiffies_msecs() can return a 10 digit number so "buf" needs to
> be 31 characters long.

Applied, thanks.

johannes


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-01-24 14:47 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-01-24  6:40 [patch] cfg80211: off by one in ieee80211_bss() Dan Carpenter
2013-01-24  7:28 ` Luciano Coelho
2013-01-24 14:47 ` Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox