[thirdparty/kernel/stable-queue.git] / queue-4.4 / ath10k-avoid-possible-string-overflow.patch

From 6707ba0105a2d350710bc0a537a98f49eb4b895d Mon Sep 17 00:00:00 2001
From: Arnd Bergmann <arnd@arndb.de>
Date: Thu, 29 Mar 2018 00:06:10 +0200
Subject: ath10k: avoid possible string overflow

From: Arnd Bergmann <arnd@arndb.de>

commit 6707ba0105a2d350710bc0a537a98f49eb4b895d upstream.

The way that 'strncat' is used here raised a warning in gcc-8:

drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]

Effectively, this is simply a strcat() but the use of strncat() suggests
some form of overflow check. Regardless of whether this might actually
overflow, using strlcat() instead of strncat() avoids the warning and
makes the code more robust.

Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/ath/ath10k/wmi.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -4065,7 +4065,7 @@ static void ath10k_tpc_config_disp_table
 							    rate_code[i],
 							    type);
 			snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
-			strncat(tpc_value, buff, strlen(buff));
+			strlcat(tpc_value, buff, sizeof(tpc_value));
 		}
 		tpc_stats->tpc_table[type].pream_idx[i] = pream_idx;
 		tpc_stats->tpc_table[type].rate_code[i] = rate_code[i];
Commit	Line	Data
045f164e GKH	1	From 6707ba0105a2d350710bc0a537a98f49eb4b895d Mon Sep 17 00:00:00 2001
	2	From: Arnd Bergmann <arnd@arndb.de>
	3	Date: Thu, 29 Mar 2018 00:06:10 +0200
	4	Subject: ath10k: avoid possible string overflow
	5
	6	From: Arnd Bergmann <arnd@arndb.de>
	7
	8	commit 6707ba0105a2d350710bc0a537a98f49eb4b895d upstream.
	9
	10	The way that 'strncat' is used here raised a warning in gcc-8:
	11
	12	drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
	13	drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
	14
	15	Effectively, this is simply a strcat() but the use of strncat() suggests
	16	some form of overflow check. Regardless of whether this might actually
	17	overflow, using strlcat() instead of strncat() avoids the warning and
	18	makes the code more robust.
	19
	20	Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
	21	Signed-off-by: Arnd Bergmann <arnd@arndb.de>
	22	Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
	23	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	24
	25	---
	26	drivers/net/wireless/ath/ath10k/wmi.c \| 2 +-
	27	1 file changed, 1 insertion(+), 1 deletion(-)
	28
	29	--- a/drivers/net/wireless/ath/ath10k/wmi.c
	30	+++ b/drivers/net/wireless/ath/ath10k/wmi.c
	31	@@ -4065,7 +4065,7 @@ static void ath10k_tpc_config_disp_table
	32	rate_code[i],
	33	type);
	34	snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
	35	- strncat(tpc_value, buff, strlen(buff));
	36	+ strlcat(tpc_value, buff, sizeof(tpc_value));
	37	}
	38	tpc_stats->tpc_table[type].pream_idx[i] = pream_idx;
	39	tpc_stats->tpc_table[type].rate_code[i] = rate_code[i];