From cbf6baac775f2e3fb61f88dcaa71e44fb34b6906 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Sat, 9 Oct 2010 13:54:06 +0200 Subject: [PATCH] Staging: brcm80211: make interface name buffer smaller In the original code the interface name was IFNAMSIZ + 1, but that caused problems in dhd_ifname2idx() which does: strncmp(dhd->iflist[i]->name, name, IFNAMSIZ) The wl_event_msg_t struct can only store 16 character names as well. And thirdly there is a potential buffer overflow in dhd_op_if() because if->net->name is IFNAMSIZ and we do: strcpy(ifp->net->name, ifp->name); Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- drivers/staging/brcm80211/brcmfmac/dhd_linux.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/staging/brcm80211/brcmfmac/dhd_linux.c b/drivers/staging/brcm80211/brcmfmac/dhd_linux.c index 0088d8ad9990..f98049b17af7 100644 --- a/drivers/staging/brcm80211/brcmfmac/dhd_linux.c +++ b/drivers/staging/brcm80211/brcmfmac/dhd_linux.c @@ -217,7 +217,7 @@ typedef struct dhd_if { u8 mac_addr[ETHER_ADDR_LEN]; /* assigned MAC address */ bool attached; /* Delayed attachment when unset */ bool txflowcontrol; /* Per interface flow control indicator */ - char name[IFNAMSIZ + 1]; /* linux interface name */ + char name[IFNAMSIZ]; /* linux interface name */ } dhd_if_t; /* Local private structure (extension of pub) */ @@ -1871,8 +1871,7 @@ dhd_add_if(dhd_info_t *dhd, int ifidx, void *handle, char *name, memset(ifp, 0, sizeof(dhd_if_t)); ifp->info = dhd; dhd->iflist[ifidx] = ifp; - strncpy(ifp->name, name, IFNAMSIZ); - ifp->name[IFNAMSIZ] = '\0'; + strlcpy(ifp->name, name, IFNAMSIZ); if (mac_addr != NULL) memcpy(&ifp->mac_addr, mac_addr, ETHER_ADDR_LEN); -- 2.39.5