lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 20 Jan 2013 18:05:52 +0800
From:	Chen Gang <gang.chen@...anux.com>
To:	Stanislaw Gruszka <sgruszka@...hat.com>,
	"John W. Linville" <linville@...driver.com>
CC:	linux-wireless@...r.kernel.org, netdev <netdev@...r.kernel.org>
Subject: [suggestion]  drivers/net/wireless/iwlegacy: the parameter 'const
 char *buf' may be not '\0' base string for DINFO

Hello Stanislaw, John

  we can not assume that the parameter 'const char *buf' is '\0' base string.
  and DINOF uses '%s' for buf (in line 3288..3289)
  so it will cause issue.

  I am not quite familiar with the detail features.
  so I send mail as a suggestion.
  please help checking, if this suggestion is valid, please help fixing, thanks.

  Regards

gchen.

3260 static ssize_t
3261 il3945_store_measurement(struct device *d, struct device_attribute *attr,
3262                          const char *buf, size_t count)
3263 {
3264         struct il_priv *il = dev_get_drvdata(d);
3265         struct ieee80211_measurement_params params = {
3266                 .channel = le16_to_cpu(il->active.channel),
3267                 .start_time = cpu_to_le64(il->_3945.last_tsf),
3268                 .duration = cpu_to_le16(1),
3269         };
3270         u8 type = IL_MEASURE_BASIC;
3271         u8 buffer[32];
3272         u8 channel;
3273 
3274         if (count) {
3275                 char *p = buffer;
3276                 strlcpy(buffer, buf, min(sizeof(buffer), count));
3277                 channel = simple_strtoul(p, NULL, 0);
3278                 if (channel)
3279                         params.channel = channel;
3280 
3281                 p = buffer;
3282                 while (*p && *p != ' ')
3283                         p++;
3284                 if (*p)
3285                         type = simple_strtoul(p + 1, NULL, 0);
3286         }
3287 
3288         D_INFO("Invoking measurement of type %d on " "channel %d (for '%s')\n",
3289                type, params.channel, buf);
3290         il3945_get_measurement(il, &params, type);
3291 
3292         return count;
3293 }
3294 




-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ