wireless: airo: potential buffer overflow in sprintf() (3d39e1bb) · Commits · e / devices / android_kernel_fairphone_FP5

drivers/net/wireless/cisco/airo.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -5462,7 +5462,7 @@ static int proc_BSSList_open( struct inode inode, struct file file ) {
	we have to add a spin lock... */		we have to add a spin lock... */
	rc = readBSSListRid(ai, doLoseSync, &BSSList_rid);		rc = readBSSListRid(ai, doLoseSync, &BSSList_rid);
	while(rc == 0 && BSSList_rid.index != cpu_to_le16(0xffff)) {		while(rc == 0 && BSSList_rid.index != cpu_to_le16(0xffff)) {
	ptr += sprintf(ptr, "%pM %*s rssi = %d",		ptr += sprintf(ptr, "%pM %.*s rssi = %d",
	BSSList_rid.bssid,		BSSList_rid.bssid,
	(int)BSSList_rid.ssidLen,		(int)BSSList_rid.ssidLen,
	BSSList_rid.ssid,		BSSList_rid.ssid,