From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 26 Mar 2019 02:41:09 +0000 (+0900)
Subject: 4.4-stable patches
X-Git-Tag: v4.9.166~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=045f164e15b332229e95fcbf16cf6c2072247c80;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	ath10k-avoid-possible-string-overflow.patch
---

diff --git a/queue-4.4/ath10k-avoid-possible-string-overflow.patch b/queue-4.4/ath10k-avoid-possible-string-overflow.patch
new file mode 100644
index 00000000000..2b5632db568
--- /dev/null
+++ b/queue-4.4/ath10k-avoid-possible-string-overflow.patch
@@ -0,0 +1,39 @@
+From 6707ba0105a2d350710bc0a537a98f49eb4b895d Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Thu, 29 Mar 2018 00:06:10 +0200
+Subject: ath10k: avoid possible string overflow
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 6707ba0105a2d350710bc0a537a98f49eb4b895d upstream.
+
+The way that 'strncat' is used here raised a warning in gcc-8:
+
+drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath10k_wmi_tpc_stats_final_disp_tables':
+drivers/net/wireless/ath/ath10k/wmi.c:4649:4: error: 'strncat' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
+
+Effectively, this is simply a strcat() but the use of strncat() suggests
+some form of overflow check. Regardless of whether this might actually
+overflow, using strlcat() instead of strncat() avoids the warning and
+makes the code more robust.
+
+Fixes: bc64d05220f3 ("ath10k: debugfs support to get final TPC stats for 10.4 variants")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ath/ath10k/wmi.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath10k/wmi.c
++++ b/drivers/net/wireless/ath/ath10k/wmi.c
+@@ -4065,7 +4065,7 @@ static void ath10k_tpc_config_disp_table
+ 							    rate_code[i],
+ 							    type);
+ 			snprintf(buff, sizeof(buff), "%8d ", tpc[j]);
+-			strncat(tpc_value, buff, strlen(buff));
++			strlcat(tpc_value, buff, sizeof(tpc_value));
+ 		}
+ 		tpc_stats->tpc_table[type].pream_idx[i] = pream_idx;
+ 		tpc_stats->tpc_table[type].rate_code[i] = rate_code[i];
diff --git a/queue-4.4/series b/queue-4.4/series
index 2fff9e94bf3..ea5e62945d6 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -34,3 +34,4 @@ serial-sprd-clear-timeout-interrupt-only-rather-than-all-interrupts.patch
 lib-int_sqrt-optimize-small-argument.patch
 usb-core-only-clean-up-what-we-allocated.patch
 rtc-fix-overflow-when-converting-time64_t-to-rtc_time.patch
+ath10k-avoid-possible-string-overflow.patch