From patchwork Sat Nov  8 02:35:58 2008
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jianjun kong <jianjun@zeuux.org>
X-Patchwork-Id: 7841
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167])
	by ozlabs.org (Postfix) with ESMTP id 1D9A2DDDE6
	for <patchwork-incoming@ozlabs.org>;
	Sat,  8 Nov 2008 13:35:56 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752614AbYKHCfy (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 7 Nov 2008 21:35:54 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752572AbYKHCfy
	(ORCPT <rfc822;netdev-outgoing>); Fri, 7 Nov 2008 21:35:54 -0500
Received: from smtp.zeuux.org ([210.51.160.52]:60823 "EHLO z.billxu.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751780AbYKHCfw (ORCPT <rfc822;netdev@vger.kernel.org>);
	Fri, 7 Nov 2008 21:35:52 -0500
Received: from localhost (localhost [127.0.0.1])
	by z.billxu.com (Postfix) with ESMTP id 62606735C60;
	Sat,  8 Nov 2008 10:35:49 +0800 (CST)
Received: from localhost (unknown [221.11.22.42])
	by z.billxu.com (Postfix) with ESMTP id D88D9735C5D;
	Sat,  8 Nov 2008 10:35:44 +0800 (CST)
Date: Sat, 8 Nov 2008 10:35:58 +0800
From: Jianjun Kong <jianjun@zeuux.org>
To: linville@tuxdriver.com
Cc: Linux-Kernel-Mailing-List <linux-kernel@vger.kernel.org>,
	netdev <netdev@vger.kernel.org>
Subject: [PATCH] nets: fix a buffer overrun
Message-ID: <20081108023558.GB6384@ubuntu>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

net/mac80211/debugfs_sta.c
The trailing zero was written to state[4], it's out of bounds.

Signed-off-by: Jianjun Kong <jianjun@zeuux.org>
---
 net/mac80211/debugfs_sta.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 189d0ba..b85c4f2 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -199,7 +199,7 @@ static ssize_t sta_agg_status_write(struct file *file,
 		/* toggle Rx aggregation command */
 		tid_num = tid_num - 100;
 		if (tid_static_rx[tid_num] == 1) {
-			strcpy(state, "off ");
+			strcpy(state, "off");
 			ieee80211_sta_stop_rx_ba_session(sta->sdata, da, tid_num, 0,
 					WLAN_REASON_QSTA_REQUIRE_SETUP);
 			sta->ampdu_mlme.tid_state_rx[tid_num] |=