atmel: using strlcpy() to avoid possible buffer overflows

'firmware' is a module param which may been longer than firmware_id,
so using strlcpy() to guard against overflows. Also priv is allocated
with zeroed memory,no need to set firmware_id[0] to '\0'.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/atmel/atmel.c b/drivers/net/wireless/atmel/atmel.c
index 0d8e0af3f74b1bc3b7af227222518cba87ea25e2..3ed3d9f6aae91b5a76d6caee9ac714b1824db6d5 100644 (file)
--- a/drivers/net/wireless/atmel/atmel.c
+++ b/drivers/net/wireless/atmel/atmel.c
@@ -1516,10 +1516,9 @@ struct net_device *init_atmel_card(unsigned short irq, unsigned long port,
        priv->present_callback = card_present;
        priv->card = card;
        priv->firmware = NULL;
-       priv->firmware_id[0] = '\0';
        priv->firmware_type = fw_type;
        if (firmware) /* module parameter */
-               strcpy(priv->firmware_id, firmware);
+               strlcpy(priv->firmware_id, firmware, sizeof(priv->firmware_id));
        priv->bus_type = card_present ? BUS_TYPE_PCCARD : BUS_TYPE_PCI;
        priv->station_state = STATION_STATE_DOWN;
        priv->do_rx_crc = 0;