From 67a88e6390e52e42b72342a88fab458ada00ba28 Mon Sep 17 00:00:00 2001
From: Peter Huewe
Date: Thu, 14 Feb 2013 04:08:55 +0100
Subject: staging/rtl8192u/ieee80211: Fix buffer overflow in ieee80211_softmac_wx.c

Clang/scan-build complains about a possible buffer overflow in ieee80211_wx_get_name: .../staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c:499:3: warning: String copy function overflows destination buffer strcat(wrqu->name," link.."); .../staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c:497:3: warning: String copy function overflows destination buffer strcat(wrqu->name," linked"); The buffer wrqu->name is only IFNAMSIZ bytes big (currently 16), so if we have a "802.11b/g/n linked" device we overrun the buffer by 3 bytes. -> Use strlcopy / strlcat to populate the name. This is done in a similar fashion in staging/rtl8187se/ieee80211/ieee80211_softmac_wx.c While at it cleaned some whitespace issues.
Signed-off-by: Peter Huewe
Signed-off-by: Greg Kroah-Hartman
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c
index 45422db..60746b8 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c
@@ -482,22 +482,23 @@ int ieee80211_wx_get_name(struct ieee80211_device *ieee, struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
 {
- strcpy(wrqu->name, "802.11");
- if(ieee->modulation & IEEE80211_CCK_MODULATION){
- strcat(wrqu->name, "b");
- if(ieee->modulation & IEEE80211_OFDM_MODULATION)
- strcat(wrqu->name, "/g");
- }else if(ieee->modulation & IEEE80211_OFDM_MODULATION)
- strcat(wrqu->name, "g");
- if (ieee->mode & (IEEE_N_24G | IEEE_N_5G))
- strcat(wrqu->name, "/n");
+ strlcpy(wrqu->name, "802.11", IFNAMSIZ);
+ if (ieee->modulation & IEEE80211_CCK_MODULATION) {
+ strlcat(wrqu->name, "b", IFNAMSIZ);
+ if (ieee->modulation & IEEE80211_OFDM_MODULATION)
+ strlcat(wrqu->name, "/g", IFNAMSIZ);
+ } else if (ieee->modulation & IEEE80211_OFDM_MODULATION) {
+ strlcat(wrqu->name, "g", IFNAMSIZ);
+ }
- if((ieee->state == IEEE80211_LINKED) ||
- (ieee->state == IEEE80211_LINKED_SCANNING))
- strcat(wrqu->name," linked");
- else if(ieee->state != IEEE80211_NOLINK)
- strcat(wrqu->name," link..");
+ if (ieee->mode & (IEEE_N_24G | IEEE_N_5G))
+ strlcat(wrqu->name, "/n", IFNAMSIZ);
+ if ((ieee->state == IEEE80211_LINKED) ||
+ (ieee->state == IEEE80211_LINKED_SCANNING))
+ strlcat(wrqu->name, " linked", IFNAMSIZ);
+ else if (ieee->state != IEEE80211_NOLINK)
+ strlcat(wrqu->name, " link..", IFNAMSIZ);
 return 0;
 }
-- cgit v0.10.2
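Review bot: The bounded calls stop the overrun but now truncate silently in the two state branches at the end of the function: by the commit's own arithmetic "802.11b/g/n linked" needs 19 bytes with its terminator, so with IFNAMSIZ at 16 both the " linked" and the " link.." case end up as "802.11b/g/n lin" and userspace can no longer tell them apart. Every `strlcat` return value is discarded, so nothing signals the cut; either shorten the suffixes so the longest combination fits, or document it above the state check with something like `/* name holds IFNAMSIZ bytes; the state suffix may be truncated */`. It would also be more robust to write the bound as `sizeof(wrqu->name)` instead of repeating `IFNAMSIZ`, e.g. `strlcpy(wrqu->name, "802.11", sizeof(wrqu->name));`, assuming `name` is declared as an array in `union iwreq_data` (the declaration is not visible here), so the limit keeps tracking the destination if the field ever changes.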