diff options
| author | Johannes Berg <johannes@sipsolutions.net> | 2008-01-28 11:08:56 -0500 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2008-02-29 15:19:32 -0500 |
| commit | 69d464d5938ca0f4fb3447b3e32872e0ca79efc1 (patch) | |
| tree | 6a04cac6d2f7ffaecbc9ef64fa0f5ffc6395910a | |
| parent | ee688b000d35f413f33561ec9c7d3355be561e2f (diff) | |
mac80211: fix scan band off-by-one error
When checking for the next band to advance to, there
was an off-by-one error that could lead to an access
to an invalid array index. Additionally, the later
check for scan_band >= IEEE80211_NUM_BANDS is not
required since that will never be true.
This also improves the comments related to that code.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
| -rw-r--r-- | net/mac80211/ieee80211_sta.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c index 2628222a5085..0d5e3fee8e53 100644 --- a/net/mac80211/ieee80211_sta.c +++ b/net/mac80211/ieee80211_sta.c | |||
| @@ -3412,22 +3412,28 @@ void ieee80211_sta_scan_work(struct work_struct *work) | |||
| 3412 | 3412 | ||
| 3413 | switch (local->scan_state) { | 3413 | switch (local->scan_state) { |
| 3414 | case SCAN_SET_CHANNEL: | 3414 | case SCAN_SET_CHANNEL: |
| 3415 | /* get current scan band */ | 3415 | /* |
| 3416 | * Get current scan band. scan_band may be IEEE80211_NUM_BANDS | ||
| 3417 | * after we successfully scanned the last channel of the last | ||
| 3418 | * band (and the last band is supported by the hw) | ||
| 3419 | */ | ||
| 3416 | if (local->scan_band < IEEE80211_NUM_BANDS) | 3420 | if (local->scan_band < IEEE80211_NUM_BANDS) |
| 3417 | sband = local->hw.wiphy->bands[local->scan_band]; | 3421 | sband = local->hw.wiphy->bands[local->scan_band]; |
| 3418 | else | 3422 | else |
| 3419 | sband = NULL; | 3423 | sband = NULL; |
| 3420 | 3424 | ||
| 3421 | /* if we started at an unsupported one, advance */ | 3425 | /* |
| 3422 | while (!sband && local->scan_band < IEEE80211_NUM_BANDS) { | 3426 | * If we are at an unsupported band and have more bands |
| 3427 | * left to scan, advance to the next supported one. | ||
| 3428 | */ | ||
| 3429 | while (!sband && local->scan_band < IEEE80211_NUM_BANDS - 1) { | ||
| 3423 | local->scan_band++; | 3430 | local->scan_band++; |
| 3424 | sband = local->hw.wiphy->bands[local->scan_band]; | 3431 | sband = local->hw.wiphy->bands[local->scan_band]; |
| 3425 | local->scan_channel_idx = 0; | 3432 | local->scan_channel_idx = 0; |
| 3426 | } | 3433 | } |
| 3427 | 3434 | ||
| 3428 | if (!sband || | 3435 | /* if no more bands/channels left, complete scan */ |
| 3429 | (local->scan_channel_idx >= sband->n_channels && | 3436 | if (!sband || local->scan_channel_idx >= sband->n_channels) { |
| 3430 | local->scan_band >= IEEE80211_NUM_BANDS)) { | ||
| 3431 | ieee80211_scan_completed(local_to_hw(local)); | 3437 | ieee80211_scan_completed(local_to_hw(local)); |
| 3432 | return; | 3438 | return; |
| 3433 | } | 3439 | } |
| @@ -3449,8 +3455,14 @@ void ieee80211_sta_scan_work(struct work_struct *work) | |||
| 3449 | } | 3455 | } |
| 3450 | } | 3456 | } |
| 3451 | 3457 | ||
| 3458 | /* advance state machine to next channel/band */ | ||
| 3452 | local->scan_channel_idx++; | 3459 | local->scan_channel_idx++; |
| 3453 | if (local->scan_channel_idx >= sband->n_channels) { | 3460 | if (local->scan_channel_idx >= sband->n_channels) { |
| 3461 | /* | ||
| 3462 | * scan_band may end up == IEEE80211_NUM_BANDS, but | ||
| 3463 | * we'll catch that case above and complete the scan | ||
| 3464 | * if that is the case. | ||
| 3465 | */ | ||
| 3454 | local->scan_band++; | 3466 | local->scan_band++; |
| 3455 | local->scan_channel_idx = 0; | 3467 | local->scan_channel_idx = 0; |
| 3456 | } | 3468 | } |