Commit cf79ee6e authored by Len Baker's avatar Len Baker Committed by Greg Kroah-Hartman

staging/rtl8192e: Remove all strcpy() uses

strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().

It is also dangerous a strcpy() followed by a strcat(). In this case,
refactor the code using scnprintf() and avoid this combination.
Signed-off-by: default avatarLen Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210723173216.12157-1-len.baker@gmx.comSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 36174650
...@@ -2167,7 +2167,7 @@ rtl92e_init_variables(struct net_device *dev) ...@@ -2167,7 +2167,7 @@ rtl92e_init_variables(struct net_device *dev)
{ {
struct r8192_priv *priv = rtllib_priv(dev); struct r8192_priv *priv = rtllib_priv(dev);
strcpy(priv->nick, "rtl8192E"); strscpy(priv->nick, "rtl8192E", sizeof(priv->nick));
priv->rtllib->softmac_features = IEEE_SOFTMAC_SCAN | priv->rtllib->softmac_features = IEEE_SOFTMAC_SCAN |
IEEE_SOFTMAC_ASSOCIATE | IEEE_SOFTMAC_PROBERQ | IEEE_SOFTMAC_ASSOCIATE | IEEE_SOFTMAC_PROBERQ |
......
...@@ -2582,7 +2582,8 @@ static void rtllib_start_ibss_wq(void *data) ...@@ -2582,7 +2582,8 @@ static void rtllib_start_ibss_wq(void *data)
mutex_lock(&ieee->wx_mutex); mutex_lock(&ieee->wx_mutex);
if (ieee->current_network.ssid_len == 0) { if (ieee->current_network.ssid_len == 0) {
strcpy(ieee->current_network.ssid, RTLLIB_DEFAULT_TX_ESSID); strscpy(ieee->current_network.ssid, RTLLIB_DEFAULT_TX_ESSID,
sizeof(ieee->current_network.ssid));
ieee->current_network.ssid_len = strlen(RTLLIB_DEFAULT_TX_ESSID); ieee->current_network.ssid_len = strlen(RTLLIB_DEFAULT_TX_ESSID);
ieee->ssid_set = 1; ieee->ssid_set = 1;
} }
......
...@@ -539,18 +539,14 @@ int rtllib_wx_set_rawtx(struct rtllib_device *ieee, ...@@ -539,18 +539,14 @@ int rtllib_wx_set_rawtx(struct rtllib_device *ieee,
} }
EXPORT_SYMBOL(rtllib_wx_set_rawtx); EXPORT_SYMBOL(rtllib_wx_set_rawtx);
int rtllib_wx_get_name(struct rtllib_device *ieee, int rtllib_wx_get_name(struct rtllib_device *ieee, struct iw_request_info *info,
struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
union iwreq_data *wrqu, char *extra)
{ {
strcpy(wrqu->name, "802.11"); const char *b = ieee->modulation & RTLLIB_CCK_MODULATION ? "b" : "";
const char *g = ieee->modulation & RTLLIB_OFDM_MODULATION ? "g" : "";
if (ieee->modulation & RTLLIB_CCK_MODULATION) const char *n = ieee->mode & (IEEE_N_24G | IEEE_N_5G) ? "n" : "";
strcat(wrqu->name, "b");
if (ieee->modulation & RTLLIB_OFDM_MODULATION) scnprintf(wrqu->name, sizeof(wrqu->name), "802.11%s%s%s", b, g, n);
strcat(wrqu->name, "g");
if (ieee->mode & (IEEE_N_24G | IEEE_N_5G))
strcat(wrqu->name, "n");
return 0; return 0;
} }
EXPORT_SYMBOL(rtllib_wx_get_name); EXPORT_SYMBOL(rtllib_wx_get_name);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment