This makes sure a format string cannot leak into the work queue name nor
the printk buffer.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/rtl8192ee/base.c | 2 +-
drivers/staging/rtl8192ee/btcoexist/halbtcoutsrc.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8192ee/base.c b/drivers/staging/rtl8192ee/base.c
index 64ade216a153..a7c69f704623 100644
--- a/drivers/staging/rtl8192ee/base.c
+++ b/drivers/staging/rtl8192ee/base.c
@@ -469,7 +469,7 @@ static void _rtl_init_deferred_work(struct ieee80211_hw *hw)
rtl92e_easy_concurrent_retrytimer_callback, (unsigned
long)hw);
/* <2> work queue */
rtlpriv->works.hw = hw;
- rtlpriv->works.rtl_wq = alloc_workqueue(rtlpriv->cfg->name, 0, 0);
+ rtlpriv->works.rtl_wq = alloc_workqueue("%s", 0, 0, rtlpriv->cfg->name);
INIT_DELAYED_WORK(&rtlpriv->works.watchdog_wq,
(void *)rtl92e_watchdog_wq_callback);
INIT_DELAYED_WORK(&rtlpriv->works.ips_nic_off_wq,
diff --git a/drivers/staging/rtl8192ee/btcoexist/halbtcoutsrc.h
b/drivers/staging/rtl8192ee/btcoexist/halbtcoutsrc.h
index c0a4286430a5..1231b16205f2 100644
--- a/drivers/staging/rtl8192ee/btcoexist/halbtcoutsrc.h
+++ b/drivers/staging/rtl8192ee/btcoexist/halbtcoutsrc.h
@@ -94,7 +94,7 @@ extern u32 btc_92edbg_type[];
#define CL_SPRINTF snprintf
-#define CL_PRINTF printk
+#define CL_PRINTF(buf) printk("%s", buf)
#define BTC_PRINT(dbgtype, dbgflag, printstr, ...) \
do { \
--
1.7.9.5
--
Kees Cook
Chrome OS Security
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
