diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2012-11-29 00:53:45 +0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2012-11-30 23:00:33 +0400 |
| commit | 904f137d478215b7c5c1daabae03618ed2f703cf (patch) | |
| tree | 5ce35a36a8e9240b4aa14f113e7c4892ffe9108d /drivers/net/wireless/mwifiex | |
| parent | 1b4e027e1b1176b70a59665c0de58c04c7a4e210 (diff) | |
| download | linux-904f137d478215b7c5c1daabae03618ed2f703cf.tar.xz | |
mwifiex: fix struct member mismatch
Using bss->information_elements and treating
bss->len_beacon_ies as its size is wrong, the
real size is len_information_elements.
Found while I was reviewing the use of this
cfg80211 API (as it is actually potentially
broken due to races.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/mwifiex')
| -rw-r--r-- | drivers/net/wireless/mwifiex/sta_ioctl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/net/wireless/mwifiex/sta_ioctl.c b/drivers/net/wireless/mwifiex/sta_ioctl.c index 237c8d2ba9f2..cf8918c044bb 100644 --- a/drivers/net/wireless/mwifiex/sta_ioctl.c +++ b/drivers/net/wireless/mwifiex/sta_ioctl.c @@ -161,8 +161,9 @@ int mwifiex_fill_new_bss_desc(struct mwifiex_private *priv, int ret; u8 *beacon_ie; struct mwifiex_bss_priv *bss_priv = (void *)bss->priv; + size_t beacon_ie_len = bss->len_information_elements; - beacon_ie = kmemdup(bss->information_elements, bss->len_beacon_ies, + beacon_ie = kmemdup(bss->information_elements, beacon_ie_len, GFP_KERNEL); if (!beacon_ie) { dev_err(priv->adapter->dev, " failed to alloc beacon_ie\n"); @@ -172,7 +173,7 @@ int mwifiex_fill_new_bss_desc(struct mwifiex_private *priv, memcpy(bss_desc->mac_address, bss->bssid, ETH_ALEN); bss_desc->rssi = bss->signal; bss_desc->beacon_buf = beacon_ie; - bss_desc->beacon_buf_size = bss->len_beacon_ies; + bss_desc->beacon_buf_size = beacon_ie_len; bss_desc->beacon_period = bss->beacon_interval; bss_desc->cap_info_bitmap = bss->capability; bss_desc->bss_band = bss_priv->band; |