net: s2io: fix buffer overflow

vpd_data[] is allocated as kmalloc(256, GFP_KERNEL), so if cnt = 255
then (cnt + 3) overflows 256. memset() is executed without checking.
vpd_data[cnt+2] must be less than 256-cnt-2 as the latter is number of
vpd_data[] elements to copy.

Do not fill with zero the beginning of nic->serial_num as it will
be filled with vpd_data[].

String in product_name[] should be terminated by '\0'.

Signed-off-by: Kulikov Vasiliy <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed