projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5fc95c4)
staging: rtl8723bs: core: Replace sprintf with scnprintf
authorCandy Febriyanto <cfebriyanto@gmail.com>
Mon, 1 Mar 2021 14:58:17 +0000 (21:58 +0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 10 Mar 2021 08:25:31 +0000 (09:25 +0100)
The use of sprintf with format string here means that there is a risk
that the writes will go out of bounds, replace it with scnprintf.

In on_action_public_default the variable "cnt" isn't being used for
anything meaningful so remove it.

Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Candy Febriyanto <cfebriyanto@gmail.com>
Link: https://lore.kernel.org/r/6c260641164d6856fc4447555fe739124cb27c19.1614610197.git.cfebriyanto@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c patch | blob | history
drivers/staging/rtl8723bs/core/rtw_pwrctrl.c patch | blob | history

diff --git a/drivers/staging/rtl8723bs/core/rtw_mlme_ext.c b/drivers/staging/rtl8723bs/core/rtw_mlme_ext.c
index fa4b0259c5ae18fda0846c3dfe1f5933bb498e55..3443a5764c50bfdc2eaf799b8425348e8a2320eb 100644 (file)
--- a/drivers/staging/rtl8723bs/core/rtw_mlme_ext.c
+++ b/drivers/staging/rtl8723bs/core/rtw_mlme_ext.c
@@ -2084,7 +2084,6 @@ static unsigned int on_action_public_default(union recv_frame *precv_frame, u8 a
        u8 *frame_body = pframe + sizeof(struct ieee80211_hdr_3addr);
        u8 token;
        struct adapter *adapter = precv_frame->u.hdr.adapter;
-       int cnt = 0;
        char msg[64];
 
        token = frame_body[2];
@@ -2092,7 +2091,7 @@ static unsigned int on_action_public_default(union recv_frame *precv_frame, u8 a
        if (rtw_action_public_decache(precv_frame, token) == _FAIL)
                goto exit;
 
-       cnt += sprintf((msg+cnt), "%s(token:%u)", action_public_str(action), token);
+       scnprintf(msg, sizeof(msg), "%s(token:%u)", action_public_str(action), token);
        rtw_cfg80211_rx_action(adapter, pframe, frame_len, msg);
 
        ret = _SUCCESS;
diff --git a/drivers/staging/rtl8723bs/core/rtw_pwrctrl.c b/drivers/staging/rtl8723bs/core/rtw_pwrctrl.c
index 5b05d1eaa32832fbdfa2644a730756abd187180d..c9f4a18b24b946ff06d8b5306ee79b59e6b554dc 100644 (file)
--- a/drivers/staging/rtl8723bs/core/rtw_pwrctrl.c
+++ b/drivers/staging/rtl8723bs/core/rtw_pwrctrl.c
@@ -554,7 +554,7 @@ void LPS_Enter(struct adapter *padapter, const char *msg)
                /*  Idle for a while if we connect to AP a while ago. */
                if (pwrpriv->LpsIdleCount >= 2) { /*   4 Sec */
                        if (pwrpriv->pwr_mode == PS_MODE_ACTIVE) {
-                               sprintf(buf, "WIFI-%s", msg);
+                               scnprintf(buf, sizeof(buf), "WIFI-%s", msg);
                                pwrpriv->bpower_saving = true;
                                rtw_set_ps_mode(padapter, pwrpriv->power_mgnt, padapter->registrypriv.smart_ps, 0, buf);
                        }
@@ -584,7 +584,7 @@ void LPS_Leave(struct adapter *padapter, const char *msg)
 
        if (pwrpriv->bLeisurePs) {
                if (pwrpriv->pwr_mode != PS_MODE_ACTIVE) {
-                       sprintf(buf, "WIFI-%s", msg);
+                       scnprintf(buf, sizeof(buf), "WIFI-%s", msg);
                        rtw_set_ps_mode(padapter, PS_MODE_ACTIVE, 0, 0, buf);
 
                        if (pwrpriv->pwr_mode == PS_MODE_ACTIVE)
ep93xx device tree rework repo: git://git.maquefel.me/linux.git