summaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless/ath/ath10k/debugfs_sta.c
diff options
context:
space:
mode:
authorVenkateswara Naralasetty2018-04-25 10:36:40 +0200
committerKalle Valo2018-04-27 13:24:25 +0200
commit2f177c1628c3f54cdfcc8093cd4b5297f4baeec4 (patch)
tree6399bb34bb6c4ac5d1dc5a31c87251b2f7bb9f37 /drivers/net/wireless/ath/ath10k/debugfs_sta.c
parentMerge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git (diff)
downloadkernel-qcow2-linux-2f177c1628c3f54cdfcc8093cd4b5297f4baeec4.tar.gz
kernel-qcow2-linux-2f177c1628c3f54cdfcc8093cd4b5297f4baeec4.tar.xz
kernel-qcow2-linux-2f177c1628c3f54cdfcc8093cd4b5297f4baeec4.zip
ath10k: fix information leak in debugfs
During write to some of debugfs in ath10k, few variables exposing stack data when process user input. which leads to possible information leak. This patch fix this issue by initializing buffer and checks the return valure of 'simple_write_to_buffer'. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Diffstat (limited to 'drivers/net/wireless/ath/ath10k/debugfs_sta.c')
-rw-r--r--drivers/net/wireless/ath/ath10k/debugfs_sta.c30
1 files changed, 15 insertions, 15 deletions
diff --git a/drivers/net/wireless/ath/ath10k/debugfs_sta.c b/drivers/net/wireless/ath/ath10k/debugfs_sta.c
index 8f688f136c22..a63c97e2c50c 100644
--- a/drivers/net/wireless/ath/ath10k/debugfs_sta.c
+++ b/drivers/net/wireless/ath/ath10k/debugfs_sta.c
@@ -254,12 +254,12 @@ static ssize_t ath10k_dbg_sta_write_addba(struct file *file,
struct ath10k *ar = arsta->arvif->ar;
u32 tid, buf_size;
int ret;
- char buf[64];
+ char buf[64] = {0};
- simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
-
- /* make sure that buf is null terminated */
- buf[sizeof(buf) - 1] = '\0';
+ ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos,
+ user_buf, count);
+ if (ret <= 0)
+ return ret;
ret = sscanf(buf, "%u %u", &tid, &buf_size);
if (ret != 2)
@@ -305,12 +305,12 @@ static ssize_t ath10k_dbg_sta_write_addba_resp(struct file *file,
struct ath10k *ar = arsta->arvif->ar;
u32 tid, status;
int ret;
- char buf[64];
-
- simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
+ char buf[64] = {0};
- /* make sure that buf is null terminated */
- buf[sizeof(buf) - 1] = '\0';
+ ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos,
+ user_buf, count);
+ if (ret <= 0)
+ return ret;
ret = sscanf(buf, "%u %u", &tid, &status);
if (ret != 2)
@@ -355,12 +355,12 @@ static ssize_t ath10k_dbg_sta_write_delba(struct file *file,
struct ath10k *ar = arsta->arvif->ar;
u32 tid, initiator, reason;
int ret;
- char buf[64];
-
- simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
+ char buf[64] = {0};
- /* make sure that buf is null terminated */
- buf[sizeof(buf) - 1] = '\0';
+ ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos,
+ user_buf, count);
+ if (ret <= 0)
+ return ret;
ret = sscanf(buf, "%u %u %u", &tid, &initiator, &reason);
if (ret != 3)
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-07-13 13:50:10 +0200