summaryrefslogtreecommitdiff
path: root/drivers/net/wireless/ath/ath6kl/init.c
diff options
context:
space:
mode:
authorKalle Valo <kvalo@qca.qualcomm.com>2011-12-13 16:51:58 +0400
committerKalle Valo <kvalo@qca.qualcomm.com>2011-12-13 17:03:48 +0400
commit277d90f4ba4b7ebb35b85a5d6c58dce2f1e1b58d (patch)
tree283dbcbc7ae065b4704538bb0a868e62fdd9de1d /drivers/net/wireless/ath/ath6kl/init.c
parent75ae3bc48fc8f5d1e5f5fe43cd07078325a6194b (diff)
downloadlinux-277d90f4ba4b7ebb35b85a5d6c58dce2f1e1b58d.tar.xz
ath6kl: fix reading of FW IE capabilities
For some strange reason I used ALIGN() to calculate index to the buffer. That is totally bogus and wouldn't work when it tried to read the second bit. Fix it by removing the ALIGN() altogether. Also check that ie_len is not too short. Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Diffstat (limited to 'drivers/net/wireless/ath/ath6kl/init.c')
-rw-r--r--drivers/net/wireless/ath/ath6kl/init.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/net/wireless/ath/ath6kl/init.c b/drivers/net/wireless/ath/ath6kl/init.c
index c97f83ca0ff2..5753f00a0c0d 100644
--- a/drivers/net/wireless/ath/ath6kl/init.c
+++ b/drivers/net/wireless/ath/ath6kl/init.c
@@ -913,12 +913,15 @@ static int ath6kl_fetch_fw_api2(struct ath6kl *ar)
ar->hw.reserved_ram_size);
break;
case ATH6KL_FW_IE_CAPABILITIES:
+ if (ie_len < DIV_ROUND_UP(ATH6KL_FW_CAPABILITY_MAX, 8))
+ break;
+
ath6kl_dbg(ATH6KL_DBG_BOOT,
"found firmware capabilities ie (%zd B)\n",
ie_len);
for (i = 0; i < ATH6KL_FW_CAPABILITY_MAX; i++) {
- index = ALIGN(i, 8) / 8;
+ index = i / 8;
bit = i % 8;
if (data[index] & (1 << bit))