diff options
| author | Dan Carpenter <dan.carpenter@oracle.com> | 2012-02-21 09:18:38 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2012-02-24 15:03:13 -0500 |
| commit | 1ca1a92cc6d337a149d1e37d4ab0db8ad45b0fde (patch) | |
| tree | a058acb43f83a0cf1d63425db49fc5a152a819d0 | |
| parent | d8aa3e26f48cf42ef8cf74cedd50e6961b10ff54 (diff) | |
Staging: wlan-ng: memsetting the wrong amount of data
p80211item_pstr6_t is the size of "msg1.bssid" (16 bytes) but
msg1.bssid.data is type p80211pstr6_t and it is smaller (7 bytes). We
had just set that memory to zeroes earlier and now we're writing over it
with 0xff because we're writing past the end of the struct.
I don't know if this actually causes a problem. It may be that we
initialize the extra 0xff bytes correctly later. But the current code
is obviously wrong and we should fix it.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/staging/wlan-ng/cfg80211.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c index fb466f4c92e..d518b315b36 100644 --- a/drivers/staging/wlan-ng/cfg80211.c +++ b/drivers/staging/wlan-ng/cfg80211.c | |||
| @@ -356,7 +356,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev, | |||
| 356 | msg1.msgcode = DIDmsg_dot11req_scan; | 356 | msg1.msgcode = DIDmsg_dot11req_scan; |
| 357 | msg1.bsstype.data = P80211ENUM_bsstype_any; | 357 | msg1.bsstype.data = P80211ENUM_bsstype_any; |
| 358 | 358 | ||
| 359 | memset(&(msg1.bssid.data), 0xFF, sizeof(p80211item_pstr6_t)); | 359 | memset(&msg1.bssid.data, 0xFF, sizeof(msg1.bssid.data)); |
| 360 | msg1.bssid.data.len = 6; | 360 | msg1.bssid.data.len = 6; |
| 361 | 361 | ||
| 362 | if (request->n_ssids > 0) { | 362 | if (request->n_ssids > 0) { |