diff options
| author | Johannes Berg <johannes@sipsolutions.net> | 2009-08-07 11:54:07 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2009-08-14 09:13:44 -0400 |
| commit | 5ba63533bbf653631faab60f6988506160ec6ba4 (patch) | |
| tree | 8d9ef2670cd3b2f50fe3581820fba5aca365634d /net/wireless | |
| parent | ad5351db89681515681c5d5659ddf4c69e3cc6f5 (diff) | |
cfg80211: fix alignment problem in scan request
The memory layout for scan requests was rather wrong,
we put the scan SSIDs before the channels which could
lead to the channel pointers being unaligned in memory.
It turns out that using a pointer to the channel array
isn't necessary anyway since we can embed a zero-length
array into the struct.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless')
| -rw-r--r-- | net/wireless/nl80211.c | 3 | ||||
| -rw-r--r-- | net/wireless/scan.c | 4 | ||||
| -rw-r--r-- | net/wireless/sme.c | 3 |
3 files changed, 4 insertions, 6 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index b3d5c1df08dd..667a87d307da 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -3002,10 +3002,9 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) | |||
| 3002 | goto out; | 3002 | goto out; |
| 3003 | } | 3003 | } |
| 3004 | 3004 | ||
| 3005 | request->channels = (void *)((char *)request + sizeof(*request)); | ||
| 3006 | request->n_channels = n_channels; | 3005 | request->n_channels = n_channels; |
| 3007 | if (n_ssids) | 3006 | if (n_ssids) |
| 3008 | request->ssids = (void *)(request->channels + n_channels); | 3007 | request->ssids = (void *)&request->channels[n_channels]; |
| 3009 | request->n_ssids = n_ssids; | 3008 | request->n_ssids = n_ssids; |
| 3010 | if (ie_len) { | 3009 | if (ie_len) { |
| 3011 | if (request->ssids) | 3010 | if (request->ssids) |
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 1bcb1312bd94..e6c1f11595da 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c | |||
| @@ -612,8 +612,8 @@ int cfg80211_wext_siwscan(struct net_device *dev, | |||
| 612 | 612 | ||
| 613 | creq->wiphy = wiphy; | 613 | creq->wiphy = wiphy; |
| 614 | creq->dev = dev; | 614 | creq->dev = dev; |
| 615 | creq->ssids = (void *)(creq + 1); | 615 | /* SSIDs come after channels */ |
| 616 | creq->channels = (void *)(creq->ssids + 1); | 616 | creq->ssids = (void *)&creq->channels[n_channels]; |
| 617 | creq->n_channels = n_channels; | 617 | creq->n_channels = n_channels; |
| 618 | creq->n_ssids = 1; | 618 | creq->n_ssids = 1; |
| 619 | 619 | ||
diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 104b33e34d22..8e2ef54ea714 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c | |||
| @@ -65,7 +65,6 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev) | |||
| 65 | if (!request) | 65 | if (!request) |
| 66 | return -ENOMEM; | 66 | return -ENOMEM; |
| 67 | 67 | ||
| 68 | request->channels = (void *)((char *)request + sizeof(*request)); | ||
| 69 | if (wdev->conn->params.channel) | 68 | if (wdev->conn->params.channel) |
| 70 | request->channels[0] = wdev->conn->params.channel; | 69 | request->channels[0] = wdev->conn->params.channel; |
| 71 | else { | 70 | else { |
| @@ -82,7 +81,7 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev) | |||
| 82 | } | 81 | } |
| 83 | } | 82 | } |
| 84 | request->n_channels = n_channels; | 83 | request->n_channels = n_channels; |
| 85 | request->ssids = (void *)(request->channels + n_channels); | 84 | request->ssids = (void *)&request->channels[n_channels]; |
| 86 | request->n_ssids = 1; | 85 | request->n_ssids = 1; |
| 87 | 86 | ||
| 88 | memcpy(request->ssids[0].ssid, wdev->conn->params.ssid, | 87 | memcpy(request->ssids[0].ssid, wdev->conn->params.ssid, |