mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-09-21 03:43:03 +00:00
qcacld-2.0: Fix error check for insufficient buffer in AP stats collection
Replace 'scnprintf' with 'snprintf' to know the number of bytes that were attempted to be copied while calculating the AP stats. This is needed to know if the supplied buffer was long enough or not. Since ‘scnprintf’ returns only the number of characters written into the buffer, it is not helpful here and hence replacing it with ‘snprintf’ which returns the number of bytes attempted to copy. snprintf's return value doesn't include the terminating null byte. Change-Id: I141d65321afb16d589800cf5ac25edbf58775676 CRs-Fixed: 997777
This commit is contained in:
parent
f373db5c6e
commit
1f56f872fb
|
@ -4277,7 +4277,7 @@ static __iw_softap_ap_stats(struct net_device *dev,
|
|||
hddLog(LOG1, "unable to allocate memory");
|
||||
return -ENOMEM;
|
||||
}
|
||||
len = scnprintf(pstatbuf, wrqu->data.length,
|
||||
len = snprintf(pstatbuf, wrqu->data.length,
|
||||
"RUF=%d RMF=%d RBF=%d "
|
||||
"RUB=%d RMB=%d RBB=%d "
|
||||
"TUF=%d TMF=%d TBF=%d "
|
||||
|
@ -4289,14 +4289,18 @@ static __iw_softap_ap_stats(struct net_device *dev,
|
|||
(int)statBuffer.txBCFcnt, (int)statBuffer.txUCBcnt,
|
||||
(int)statBuffer.txMCBcnt, (int)statBuffer.txBCBcnt);
|
||||
|
||||
if (len > wrqu->data.length ||
|
||||
copy_to_user((void *)wrqu->data.pointer, (void *)pstatbuf, len))
|
||||
{
|
||||
if (len >= wrqu->data.length) {
|
||||
hddLog(LOG1, "%s: Insufficient buffer:%d, %d",
|
||||
__func__, wrqu->data.length, len);
|
||||
kfree(pstatbuf);
|
||||
return -E2BIG;
|
||||
}
|
||||
if (copy_to_user((void *)wrqu->data.pointer, (void *)pstatbuf, len)) {
|
||||
hddLog(LOG1, "%s: failed to copy data to user buffer", __func__);
|
||||
kfree(pstatbuf);
|
||||
return -EFAULT;
|
||||
}
|
||||
wrqu->data.length -= len;
|
||||
wrqu->data.length = len;
|
||||
kfree(pstatbuf);
|
||||
EXIT();
|
||||
return 0;
|
||||
|
|
Loading…
Reference in a new issue