mac80211: add NULL terminator to debugfs_netdev write buf

Some debugfs write functions call kstrto* functions, which
assume the string is null-terminated. Make it valid by changing
ieee80211_if_write() to use static buffer instead of allocating
one, and set the last char to NULL.

(The write functions try to parse some integer/mac address,
so 64 bytes buffer should be enough)

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index f6de8a65f4020e70d7a630608eea166f6ef6b430..ef5cf2685657ff9327861a09e7db28fc312b41d1 100644 (file)
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -49,16 +49,15 @@ static ssize_t ieee80211_if_write(
        size_t count, loff_t *ppos,
        ssize_t (*write)(struct ieee80211_sub_if_data *, const char *, int))
 {
-       u8 *buf;
+       char buf[64];
        ssize_t ret;
 
-       buf = kmalloc(count, GFP_KERNEL);
-       if (!buf)
-               return -ENOMEM;
+       if (count >= sizeof(buf))
+               return -E2BIG;
 
-       ret = -EFAULT;
        if (copy_from_user(buf, userbuf, count))
-               goto freebuf;
+               return -EFAULT;
+       buf[count] = '\0';
 
        ret = -ENODEV;
        rtnl_lock();
@@ -66,8 +65,6 @@ static ssize_t ieee80211_if_write(
                ret = (*write)(sdata, buf, count);
        rtnl_unlock();
 
-freebuf:
-       kfree(buf);
        return ret;
 }