@@ -56,7 +56,7 @@ struct ias_object *irias_new_object( char *name, int id)
}
obj->magic = IAS_OBJECT_MAGIC;
- obj->name = kstrndup(name, IAS_MAX_CLASSNAME, GFP_ATOMIC);
+ obj->name = kstrndup(name, IAS_MAX_CLASSNAME - 1, GFP_ATOMIC);
if (!obj->name) {
net_warn_ratelimited("%s(), Unable to allocate name!\n",
__func__);
@@ -326,7 +326,7 @@ void irias_add_integer_attrib(struct ias_object *obj, char *name, int value,
}
attrib->magic = IAS_ATTRIB_MAGIC;
- attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME, GFP_ATOMIC);
+ attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME - 1, GFP_ATOMIC);
/* Insert value */
attrib->value = irias_new_integer_value(value);
@@ -370,7 +370,7 @@ void irias_add_octseq_attrib(struct ias_object *obj, char *name, __u8 *octets,
}
attrib->magic = IAS_ATTRIB_MAGIC;
- attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME, GFP_ATOMIC);
+ attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME - 1, GFP_ATOMIC);
attrib->value = irias_new_octseq_value( octets, len);
if (!attrib->name || !attrib->value) {
@@ -412,7 +412,7 @@ void irias_add_string_attrib(struct ias_object *obj, char *name, char *value,
}
attrib->magic = IAS_ATTRIB_MAGIC;
- attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME, GFP_ATOMIC);
+ attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME - 1, GFP_ATOMIC);
attrib->value = irias_new_string_value(value);
if (!attrib->name || !attrib->value) {
@@ -468,7 +468,7 @@ struct ias_value *irias_new_string_value(char *string)
value->type = IAS_STRING;
value->charset = CS_ASCII;
- value->t.string = kstrndup(string, IAS_MAX_STRING, GFP_ATOMIC);
+ value->t.string = kstrndup(string, IAS_MAX_STRING - 1, GFP_ATOMIC);
if (!value->t.string) {
net_warn_ratelimited("%s: Unable to kmalloc!\n", __func__);
kfree(value);
If source string longer than max, kstrndup will alloc max+1 space. So, we should make sure the result will not over limit. Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com> --- drivers/staging/irda/net/irias_object.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)