| Message ID | 20180630063341.9900-1-yuehaibing@huawei.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | f9cbaeb52930342059429f56d0b9f05c8d54c0ba |
| Delegated to: | Kalle Valo |
| Headers | show |
YueHaibing <yuehaibing@huawei.com> writes: > 'firmware' is a module param which may been longer than firmware_id, > so using strlcpy() to guard against overflows. Also priv is allocated > with zeroed memory,no need to set firmware_id[0] to '\0'. > > v1 -> v2: remove priv->firmware_id[0] = '\0'; > > Signed-off-by: YueHaibing <yuehaibing@huawei.com> > --- > drivers/net/wireless/atmel/atmel.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) The changelog should be after "---" line. I can fix it this time, but in the future please use the correct location. https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches#changelog_missing
On 2018/7/2 22:40, Kalle Valo wrote: > YueHaibing <yuehaibing@huawei.com> writes: > >> 'firmware' is a module param which may been longer than firmware_id, >> so using strlcpy() to guard against overflows. Also priv is allocated >> with zeroed memory,no need to set firmware_id[0] to '\0'. >> >> v1 -> v2: remove priv->firmware_id[0] = '\0'; >> >> Signed-off-by: YueHaibing <yuehaibing@huawei.com> >> --- >> drivers/net/wireless/atmel/atmel.c | 3 +-- >> 1 file changed, 1 insertion(+), 2 deletions(-) > > The changelog should be after "---" line. I can fix it this time, but in > the future please use the correct location. Thank you,will notice it. > > https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches#changelog_missing >
YueHaibing <yuehaibing@huawei.com> wrote: > 'firmware' is a module param which may been longer than firmware_id, > so using strlcpy() to guard against overflows. Also priv is allocated > with zeroed memory,no need to set firmware_id[0] to '\0'. > > Signed-off-by: YueHaibing <yuehaibing@huawei.com> Patch applied to wireless-drivers-next.git, thanks. f9cbaeb52930 atmel: using strlcpy() to avoid possible buffer overflows
diff --git a/drivers/net/wireless/atmel/atmel.c b/drivers/net/wireless/atmel/atmel.c index b01dc34..cec715b 100644 --- a/drivers/net/wireless/atmel/atmel.c +++ b/drivers/net/wireless/atmel/atmel.c @@ -1516,10 +1516,9 @@ struct net_device *init_atmel_card(unsigned short irq, unsigned long port, priv->present_callback = card_present; priv->card = card; priv->firmware = NULL; - priv->firmware_id[0] = '\0'; priv->firmware_type = fw_type; if (firmware) /* module parameter */ - strcpy(priv->firmware_id, firmware); + strlcpy(priv->firmware_id, firmware, sizeof(priv->firmware_id)); priv->bus_type = card_present ? BUS_TYPE_PCCARD : BUS_TYPE_PCI; priv->station_state = STATION_STATE_DOWN; priv->do_rx_crc = 0;
'firmware' is a module param which may been longer than firmware_id, so using strlcpy() to guard against overflows. Also priv is allocated with zeroed memory,no need to set firmware_id[0] to '\0'. v1 -> v2: remove priv->firmware_id[0] = '\0'; Signed-off-by: YueHaibing <yuehaibing@huawei.com> --- drivers/net/wireless/atmel/atmel.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)