Commit 3cc6c6bd authored by Brian Norris's avatar Brian Norris Committed by Willy Tarreau

mwifiex: printk() overflow with 32-byte SSIDs

commit fcd2042e upstream.

SSIDs aren't guaranteed to be 0-terminated. Let's cap the max length
when we print them out.

This can be easily noticed by connecting to a network with a 32-octet
SSID:

[ 3903.502925] mwifiex_pcie 0000:01:00.0: info: trying to associate to
'0123456789abcdef0123456789abcdef <uninitialized mem>' bssid
xx:xx:xx:xx:xx:xx

Fixes: 5e6e3a92 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
Signed-off-by: default avatarBrian Norris <briannorris@chromium.org>
Acked-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
parent 98db9446
...@@ -1633,8 +1633,9 @@ mwifiex_cfg80211_assoc(struct mwifiex_private *priv, size_t ssid_len, u8 *ssid, ...@@ -1633,8 +1633,9 @@ mwifiex_cfg80211_assoc(struct mwifiex_private *priv, size_t ssid_len, u8 *ssid,
is_scanning_required = 1; is_scanning_required = 1;
} else { } else {
dev_dbg(priv->adapter->dev, dev_dbg(priv->adapter->dev,
"info: trying to associate to '%s' bssid %pM\n", "info: trying to associate to '%.*s' bssid %pM\n",
(char *) req_ssid.ssid, bss->bssid); req_ssid.ssid_len, (char *)req_ssid.ssid,
bss->bssid);
memcpy(&priv->cfg_bssid, bss->bssid, ETH_ALEN); memcpy(&priv->cfg_bssid, bss->bssid, ETH_ALEN);
break; break;
} }
...@@ -1675,8 +1676,8 @@ mwifiex_cfg80211_connect(struct wiphy *wiphy, struct net_device *dev, ...@@ -1675,8 +1676,8 @@ mwifiex_cfg80211_connect(struct wiphy *wiphy, struct net_device *dev,
return -EINVAL; return -EINVAL;
} }
wiphy_dbg(wiphy, "info: Trying to associate to %s and bssid %pM\n", wiphy_dbg(wiphy, "info: Trying to associate to %.*s and bssid %pM\n",
(char *) sme->ssid, sme->bssid); (int)sme->ssid_len, (char *)sme->ssid, sme->bssid);
ret = mwifiex_cfg80211_assoc(priv, sme->ssid_len, sme->ssid, sme->bssid, ret = mwifiex_cfg80211_assoc(priv, sme->ssid_len, sme->ssid, sme->bssid,
priv->bss_mode, sme->channel, sme, 0); priv->bss_mode, sme->channel, sme, 0);
...@@ -1799,8 +1800,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy *wiphy, struct net_device *dev, ...@@ -1799,8 +1800,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,
goto done; goto done;
} }
wiphy_dbg(wiphy, "info: trying to join to %s and bssid %pM\n", wiphy_dbg(wiphy, "info: trying to join to %.*s and bssid %pM\n",
(char *) params->ssid, params->bssid); params->ssid_len, (char *)params->ssid, params->bssid);
mwifiex_set_ibss_params(priv, params); mwifiex_set_ibss_params(priv, params);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment