authorChristian Neumüller <cn00@gmx.at>2014-09-09 14:07:11 +0200
committerDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2019-07-24 12:32:23 +0200
commit3bd2da89b4d7753b9a926dca5769aa2708aee71d (patch)
tree36add8b721a6d44935b7c1c603d5328f308ff25d
parent614f0e61a1df64aba46f8ed4bf83857a4b2b3f5f (diff)
bcmdhd wireless: Fix more off by one errors.
These were not detected by the stack protector, either because the functions were not called or because the corruption hits a local variable. Change-Id: I385c81b133ee09c28df56597df3fb25d9c063f43
-rw-r--r--drivers/net/wireless/bcmdhd/dhd_custom_sec.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/drivers/net/wireless/bcmdhd/dhd_custom_sec.c b/drivers/net/wireless/bcmdhd/dhd_custom_sec.c
index c099490..d79e9d2 100644
--- a/drivers/net/wireless/bcmdhd/dhd_custom_sec.c
+++ b/drivers/net/wireless/bcmdhd/dhd_custom_sec.c
@@ -366,10 +366,10 @@ void get_customized_country_code(void *adapter, char *country_iso_code, wl_count
int dhd_read_macaddr(struct dhd_info *dhd, struct ether_addr *mac)
{
struct file *fp = NULL;
- char macbuffer[18] = {0};
+ char macbuffer[MACBUFFER_SZ] = {0};
mm_segment_t oldfs = {0};
char randommac[3] = {0};
- char buf[18] = {0};
+ char buf[MACBUFFER_SZ] = {0};
char *filepath_efs = MACINFO_EFS;
int ret = 0;
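Review bot: `MACBUFFER_SZ` is not defined anywhere in this diff, and the code that fills `macbuffer` and `buf` lies outside the hunks, so the new size cannot be checked here against the longest string written into these arrays. A comment at the macro's definition stating what it must hold, for example `/* formatted MAC string plus terminating NUL */`, would make that invariant reviewable. Bounding each fill with `sizeof(macbuffer)` / `sizeof(buf)` would keep the overflow from returning if the format ever changes. The same applies to the declaration hunks at -462, -527, -539 and -733, where `randommac[3]` also keeps its literal size. The body of dhd_read_macaddr continues outside the hunk.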
@@ -394,7 +394,7 @@ start_readmac:
if (fp->f_mode & FMODE_WRITE) {
ret = fp->f_op->write(fp, (const char *)macbuffer,
- sizeof(macbuffer), &fp->f_pos);
+ sizeof(macbuffer) - 1 /* skip null byte */, &fp->f_pos);
if (ret < 0)
DHD_ERROR(("[WIFI_SEC] MAC address [%s] Failed to write into File:"
" %s\n", macbuffer, filepath_efs));
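Review bot: The write length `sizeof(macbuffer) - 1` comes from the array capacity rather than from the string actually stored in it, so it is only right while the formatted MAC fills the buffer exactly; a shorter string would put trailing NUL bytes into the file. Passing the length of the formatted string, e.g. `strlen(macbuffer)`, ties the length to the data. The check `if (ret < 0)` also lets a short write pass as success; comparing `ret` with the requested length would catch a truncated MAC file. The same pattern is in the hunks at -484, -506 and -769. The enclosing function starts and ends outside this hunk.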
@@ -462,7 +462,7 @@ int dhd_write_rdwr_macaddr(struct ether_addr *mac)
char *filepath_data = MACINFO;
char *filepath_efs = MACINFO_EFS;
struct file *fp_mac = NULL;
- char buf[18] = {0};
+ char buf[MACBUFFER_SZ] = {0};
mm_segment_t oldfs = {0};
int ret = -1;
@@ -484,7 +484,7 @@ int dhd_write_rdwr_macaddr(struct ether_addr *mac)
if (fp_mac->f_mode & FMODE_WRITE) {
ret = fp_mac->f_op->write(fp_mac, (const char *)buf,
- sizeof(buf), &fp_mac->f_pos);
+ sizeof(buf) - 1 /* skip null byte */, &fp_mac->f_pos);
if (ret < 0)
DHD_ERROR(("[WIFI_SEC] Mac address [%s] Failed"
" to write into File: %s\n", buf, filepath_data));
@@ -506,7 +506,7 @@ int dhd_write_rdwr_macaddr(struct ether_addr *mac)
if (fp_mac->f_mode & FMODE_WRITE) {
ret = fp_mac->f_op->write(fp_mac, (const char *)buf,
- sizeof(buf), &fp_mac->f_pos);
+ sizeof(buf) - 1 /* skip null byte */, &fp_mac->f_pos);
if (ret < 0)
DHD_ERROR(("[WIFI_SEC] Mac address [%s] Failed"
" to write into File: %s\n", buf, filepath_efs));
@@ -527,9 +527,9 @@ int dhd_check_rdwr_macaddr(struct dhd_info *dhd, dhd_pub_t *dhdp,
{
struct file *fp_mac = NULL;
struct file *fp_nvm = NULL;
- char macbuffer[18] = {0};
+ char macbuffer[MACBUFFER_SZ] = {0};
char randommac[3] = {0};
- char buf[18] = {0};
+ char buf[MACBUFFER_SZ] = {0};
char *filepath_data = MACINFO;
char *filepath_efs = MACINFO_EFS;
#ifdef CONFIG_TARGET_LOCALE_NA
@@ -539,7 +539,7 @@ int dhd_check_rdwr_macaddr(struct dhd_info *dhd, dhd_pub_t *dhdp,
#endif
char cur_mac[128] = {0};
char dummy_mac[ETHER_ADDR_LEN] = {0x00, 0x90, 0x4C, 0xC5, 0x12, 0x38};
- char cur_macbuffer[18] = {0};
+ char cur_macbuffer[MACBUFFER_SZ] = {0};
int ret = -1;
g_imac_flag = MACADDR_NONE;
@@ -733,10 +733,10 @@ int dhd_check_rdwr_macaddr(struct dhd_info *dhd, dhd_pub_t *dhdp,
int dhd_write_rdwr_korics_macaddr(struct dhd_info *dhd, struct ether_addr *mac)
{
struct file *fp = NULL;
- char macbuffer[18] = {0};
+ char macbuffer[MACBUFFER_SZ] = {0};
mm_segment_t oldfs = {0};
char randommac[3] = {0};
- char buf[18] = {0};
+ char buf[MACBUFFER_SZ] = {0};
char *filepath_efs = MACINFO_EFS;
int is_zeromac = 0;
int ret = 0;
@@ -769,7 +769,7 @@ int dhd_write_rdwr_korics_macaddr(struct dhd_info *dhd, struct ether_addr *mac)
if (fp->f_mode & FMODE_WRITE) {
ret = fp->f_op->write(fp,
(const char *)macbuffer,
- sizeof(macbuffer), &fp->f_pos);
+ sizeof(macbuffer) - 1 /* skip null byte */, &fp->f_pos);
if (ret < 0)
DHD_ERROR(("[WIFI_SEC] Mac address [%s]"
" Failed to write into File:"
@@ -867,7 +867,7 @@ static void dhd_dump_cis(const unsigned char *buf, int size)
int i;
for (i = 0; i < size; i++) {
DHD_ERROR(("%02X ", buf[i]));
- if ((i % 15) == 15) DHD_ERROR(("\n"));
+ if ((i % 15) == 15) DHD_ERROR(("\n")); /* FIXME: Will always be false */
}
DHD_ERROR(("\n"));
}
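Review bot: The condition `(i % 15) == 15` is only annotated here, not fixed, so the dump still prints every byte on a single line; `i % 15` ranges over 0..14 and can never equal 15. If 16 bytes per row was the intent, the line should read `if ((i % 16) == 15) DHD_ERROR(("\n"));`, which also lets the FIXME comment go.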