Commit cf79ee6e authored by Len Baker's avatar Len Baker Committed by Greg Kroah-Hartman
Browse files

staging/rtl8192e: Remove all strcpy() uses 



strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().

It is also dangerous a strcpy() followed by a strcat(). In this case,
refactor the code using scnprintf() and avoid this combination.

Signed-off-by: default avatarLen Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210723173216.12157-1-len.baker@gmx.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 36174650

drivers/staging/rtl8192e/rtl8192e/r8192E_dev.c

+1 −1
Original line number Diff line number Diff line
@@ -2167,7 +2167,7 @@ rtl92e_init_variables(struct net_device *dev) 
{

	struct r8192_priv *priv = rtllib_priv(dev);



	strcpy(priv->nick, "rtl8192E");

	strscpy(priv->nick, "rtl8192E", sizeof(priv->nick));



	priv->rtllib->softmac_features  = IEEE_SOFTMAC_SCAN |

		IEEE_SOFTMAC_ASSOCIATE | IEEE_SOFTMAC_PROBERQ |

drivers/staging/rtl8192e/rtllib_softmac.c

+2 −1
Original line number Diff line number Diff line
@@ -2582,7 +2582,8 @@ static void rtllib_start_ibss_wq(void *data) 
	mutex_lock(&ieee->wx_mutex);



	if (ieee->current_network.ssid_len == 0) {

		strcpy(ieee->current_network.ssid, RTLLIB_DEFAULT_TX_ESSID);

		strscpy(ieee->current_network.ssid, RTLLIB_DEFAULT_TX_ESSID,

			sizeof(ieee->current_network.ssid));

		ieee->current_network.ssid_len = strlen(RTLLIB_DEFAULT_TX_ESSID);

		ieee->ssid_set = 1;

	}

drivers/staging/rtl8192e/rtllib_softmac_wx.c

+7 −11
Original line number Diff line number Diff line
@@ -539,18 +539,14 @@ int rtllib_wx_set_rawtx(struct rtllib_device *ieee, 
}

EXPORT_SYMBOL(rtllib_wx_set_rawtx);



int rtllib_wx_get_name(struct rtllib_device *ieee,

			     struct iw_request_info *info,

int rtllib_wx_get_name(struct rtllib_device *ieee, struct iw_request_info *info,

		       union iwreq_data *wrqu, char *extra)

{

	strcpy(wrqu->name, "802.11");



	if (ieee->modulation & RTLLIB_CCK_MODULATION)

		strcat(wrqu->name, "b");

	if (ieee->modulation & RTLLIB_OFDM_MODULATION)

		strcat(wrqu->name, "g");

	if (ieee->mode & (IEEE_N_24G | IEEE_N_5G))

		strcat(wrqu->name, "n");

	const char *b = ieee->modulation & RTLLIB_CCK_MODULATION ? "b" : "";

	const char *g = ieee->modulation & RTLLIB_OFDM_MODULATION ? "g" : "";

	const char *n = ieee->mode & (IEEE_N_24G | IEEE_N_5G) ? "n" : "";



	scnprintf(wrqu->name, sizeof(wrqu->name), "802.11%s%s%s", b, g, n);

	return 0;

}

EXPORT_SYMBOL(rtllib_wx_get_name);