From patchwork Sun Mar 1 17:48:33 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Colin King X-Patchwork-Id: 5908821 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 6A3179F269 for ; Sun, 1 Mar 2015 17:50:39 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 9B3C6202A1 for ; Sun, 1 Mar 2015 17:50:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B1C62202AE for ; Sun, 1 Mar 2015 17:50:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752228AbbCARuN (ORCPT ); Sun, 1 Mar 2015 12:50:13 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:41981 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751844AbbCARuM (ORCPT ); Sun, 1 Mar 2015 12:50:12 -0500 Received: from cpc3-craw6-2-0-cust180.croy.cable.virginm.net ([77.100.248.181] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1YS80F-0004f5-69; Sun, 01 Mar 2015 17:50:07 +0000 From: Colin King To: Vladimir Kondratiev , Kalle Valo , linux-wireless@vger.kernel.org, wil6210@qca.qualcomm.com, netdev@vger.kernel.org Cc: linux-kernel@vger.kernel.org Subject: [PATCH] wil6210: increase cmd buffer size to avoid sscanf buffer overflow Date: Sun, 1 Mar 2015 17:48:33 +0000 Message-Id: <1425232113-5010-1-git-send-email-colin.king@canonical.com> X-Mailer: git-send-email 2.1.4 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Colin Ian King cppcheck detected a buffer overflow: [drivers/net/wireless/ath/wil6210/debugfs.c:634]: (error) Width 8 given in format string (no. 1) is larger than destination buffer 'cmd[8]', use %7s to prevent overflowing it. For the current %8s sscanf we require cmd to be 9 chars long so increase it by 1 byte to prevent the sscan overflow (rather than reduce the %8s specifier to %7s as cppcheck recommends). Signed-off-by: Colin Ian King Acked-by: Vladimir Kondratiev --- drivers/net/wireless/ath/wil6210/debugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c index 45c3558e..29aab12 100644 --- a/drivers/net/wireless/ath/wil6210/debugfs.c +++ b/drivers/net/wireless/ath/wil6210/debugfs.c @@ -618,7 +618,7 @@ static ssize_t wil_write_back(struct file *file, const char __user *buf, struct wil6210_priv *wil = file->private_data; int rc; char *kbuf = kmalloc(len + 1, GFP_KERNEL); - char cmd[8]; + char cmd[9]; int p1, p2, p3; if (!kbuf)