aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorChristian Neumüller <cn00@gmx.at>2014-09-09 14:07:11 +0200
committerEthan Chen <intervigil@gmail.com>2015-03-11 02:14:00 +0000
commit0ef5a06bceb576a1135770111577f7700fe1ef93 (patch)
tree06cf7a36684051e23110846564a7afc157881851 /drivers
parent339b2cb7d4876f4acf7389c38fc85cc5e35801ee (diff)
downloadkernel_samsung_smdk4412-0ef5a06bceb576a1135770111577f7700fe1ef93.zip
kernel_samsung_smdk4412-0ef5a06bceb576a1135770111577f7700fe1ef93.tar.gz
kernel_samsung_smdk4412-0ef5a06bceb576a1135770111577f7700fe1ef93.tar.bz2
bcmdhd wireless: Fix more off by one errors.
These were not detected by the stack protector, either because the functions where not called or because the corruption hits a local variable. Change-Id: I385c81b133ee09c28df56597df3fb25d9c063f43
Diffstat (limited to 'drivers')
-rwxr-xr-xdrivers/net/wireless/bcmdhd/dhd_custom_sec.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/drivers/net/wireless/bcmdhd/dhd_custom_sec.c b/drivers/net/wireless/bcmdhd/dhd_custom_sec.c
index 9a29891..3dbfc9f 100755
--- a/drivers/net/wireless/bcmdhd/dhd_custom_sec.c
+++ b/drivers/net/wireless/bcmdhd/dhd_custom_sec.c
@@ -330,10 +330,10 @@ void get_customized_country_code(char *country_iso_code, wl_country_t *cspec)
int dhd_read_macaddr(struct dhd_info *dhd, struct ether_addr *mac)
{
struct file *fp = NULL;
- char macbuffer[18] = {0};
+ char macbuffer[MACBUFFER_SZ] = {0};
mm_segment_t oldfs = {0};
char randommac[3] = {0};
- char buf[18] = {0};
+ char buf[MACBUFFER_SZ] = {0};
char *filepath_efs = MACINFO_EFS;
int ret = 0;
@@ -358,7 +358,7 @@ start_readmac:
if (fp->f_mode & FMODE_WRITE) {
ret = fp->f_op->write(fp, (const char *)macbuffer,
- sizeof(macbuffer), &fp->f_pos);
+ sizeof(macbuffer) - 1 /* skip null byte */, &fp->f_pos);
if (ret < 0)
DHD_ERROR(("[WIFI]MAC address [%s] Failed to write into File: %s\n",
macbuffer, filepath_efs));
@@ -425,7 +425,7 @@ int dhd_write_rdwr_macaddr(struct ether_addr *mac)
char *filepath_data = MACINFO;
char *filepath_efs = MACINFO_EFS;
struct file *fp_mac = NULL;
- char buf[18] = {0};
+ char buf[MACBUFFER_SZ] = {0};
mm_segment_t oldfs = {0};
int ret = -1;
@@ -447,7 +447,7 @@ int dhd_write_rdwr_macaddr(struct ether_addr *mac)
if (fp_mac->f_mode & FMODE_WRITE) {
ret = fp_mac->f_op->write(fp_mac, (const char *)buf,
- sizeof(buf), &fp_mac->f_pos);
+ sizeof(buf) - 1 /* skip null byte */, &fp_mac->f_pos);
if (ret < 0)
DHD_ERROR(("[WIFI] Mac address [%s] Failed"
" to write into File: %s\n", buf, filepath_data));
@@ -469,7 +469,7 @@ int dhd_write_rdwr_macaddr(struct ether_addr *mac)
if (fp_mac->f_mode & FMODE_WRITE) {
ret = fp_mac->f_op->write(fp_mac, (const char *)buf,
- sizeof(buf), &fp_mac->f_pos);
+ sizeof(buf) - 1 /* skip null byte */, &fp_mac->f_pos);
if (ret < 0)
DHD_ERROR(("[WIFI] Mac address [%s] Failed"
" to write into File: %s\n", buf, filepath_efs));
@@ -490,9 +490,9 @@ int dhd_check_rdwr_macaddr(struct dhd_info *dhd, dhd_pub_t *dhdp,
{
struct file *fp_mac = NULL;
struct file *fp_nvm = NULL;
- char macbuffer[18] = {0};
+ char macbuffer[MACBUFFER_SZ] = {0};
char randommac[3] = {0};
- char buf[18] = {0};
+ char buf[MACBUFFER_SZ] = {0};
char *filepath_data = MACINFO;
char *filepath_efs = MACINFO_EFS;
#ifdef CONFIG_TARGET_LOCALE_NA
@@ -502,7 +502,7 @@ int dhd_check_rdwr_macaddr(struct dhd_info *dhd, dhd_pub_t *dhdp,
#endif
char cur_mac[128] = {0};
char dummy_mac[ETHER_ADDR_LEN] = {0x00, 0x90, 0x4C, 0xC5, 0x12, 0x38};
- char cur_macbuffer[18] = {0};
+ char cur_macbuffer[MACBUFFER_SZ] = {0};
int ret = -1;
g_imac_flag = MACADDR_NONE;
@@ -696,10 +696,10 @@ int dhd_check_rdwr_macaddr(struct dhd_info *dhd, dhd_pub_t *dhdp,
int dhd_write_rdwr_korics_macaddr(struct dhd_info *dhd, struct ether_addr *mac)
{
struct file *fp = NULL;
- char macbuffer[18] = {0};
+ char macbuffer[MACBUFFER_SZ] = {0};
mm_segment_t oldfs = {0};
char randommac[3] = {0};
- char buf[18] = {0};
+ char buf[MACBUFFER_SZ] = {0};
char *filepath_efs = MACINFO_EFS;
int is_zeromac = 0;
int ret = 0;
@@ -732,7 +732,7 @@ int dhd_write_rdwr_korics_macaddr(struct dhd_info *dhd, struct ether_addr *mac)
if (fp->f_mode & FMODE_WRITE) {
ret = fp->f_op->write(fp,
(const char *)macbuffer,
- sizeof(macbuffer), &fp->f_pos);
+ sizeof(macbuffer) - 1 /* skip null byte */, &fp->f_pos);
if (ret < 0)
DHD_ERROR(("[WIFI] Mac address [%s]"
" Failed to write into File:"
@@ -830,7 +830,7 @@ static void dhd_dump_cis(const unsigned char *buf, int size)
int i;
for (i = 0; i < size; i++) {
DHD_ERROR(("%02X ", buf[i]));
- if ((i % 15) == 15) DHD_ERROR(("\n"));
+ if ((i % 15) == 15) DHD_ERROR(("\n")); /* FIXME: Will always be false */
}
DHD_ERROR(("\n"));
}