p54: Initialize extra_len in p54_tx_80211

This patch fixes a very serious off-by-one bug in the driver, which could leave the device in an unresponsive state. The problem was that the extra_len variable [used to reserve extra scratch buffer space for the firmware] was left uninitialized. Because p54_assign_address later needs the value to reserve additional space, the resulting frame could be to big for the small device's memory window and everything would immediately come to a grinding halt. Reference: https://bugs.launchpad.net/bugs/722185 Cc: <stable@kernel.org> Acked-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: Jason Conti <jason.conti@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Jason Conti <jason.conti@gmail.com> 2011-04-07 15:09:57 -0400
committer: John W. Linville <linville@tuxdriver.com> 2011-04-08 13:06:30 -0400
commit: a6756da9eace8b4af73e9dea43f1fc2889224c94 (patch)
tree: 7f1ac79ad2de9f422119f45d723af9bf3eb7bd66 /drivers/net/wireless/p54
parent: 96f372c95d32f76fa2b0e035e0a6269234bfda09 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/wireless/p54/txrx.c b/drivers/net/wireless/p54/txrx.c
index 7834c26c2954..042842e704de 100644
--- a/drivers/net/wireless/p54/txrx.c
+++ b/drivers/net/wireless/p54/txrx.c
@@ -703,7 +703,7 @@ void p54_tx_80211(struct ieee80211_hw *dev, struct sk_buff *skb)
        struct p54_tx_info *p54info;
        struct p54_hdr *hdr;
        struct p54_tx_data *txhdr;
-        unsigned int padding, len, extra_len;
+        unsigned int padding, len, extra_len = 0;
        int i, j, ridx;
        u16 hdr_flags = 0, aid = 0;
        u8 rate, queue = 0, crypt_offset = 0;
author	Jason Conti <jason.conti@gmail.com>	2011-04-07 15:09:57 -0400
committer	John W. Linville <linville@tuxdriver.com>	2011-04-08 13:06:30 -0400
commit	a6756da9eace8b4af73e9dea43f1fc2889224c94 (patch)
tree	7f1ac79ad2de9f422119f45d723af9bf3eb7bd66 /drivers/net/wireless/p54
parent	96f372c95d32f76fa2b0e035e0a6269234bfda09 (diff)

diff --git a/drivers/net/wireless/p54/txrx.c b/drivers/net/wireless/p54/txrx.c index 7834c26c2954..042842e704de 100644 --- a/drivers/net/wireless/p54/txrx.c +++ b/drivers/net/wireless/p54/txrx.c
@@ -703,7 +703,7 @@ void p54_tx_80211(struct ieee80211_hw dev, struct sk_buff skb)
703	struct p54_tx_info *p54info;	703	struct p54_tx_info *p54info;
704	struct p54_hdr *hdr;	704	struct p54_hdr *hdr;
705	struct p54_tx_data *txhdr;	705	struct p54_tx_data *txhdr;
706	unsigned int padding, len, extra_len;	706	unsigned int padding, len, extra_len = 0;
707	int i, j, ridx;	707	int i, j, ridx;
708	u16 hdr_flags = 0, aid = 0;	708	u16 hdr_flags = 0, aid = 0;
709	u8 rate, queue = 0, crypt_offset = 0;	709	u8 rate, queue = 0, crypt_offset = 0;