diff options
-rw-r--r-- | net/ieee80211/ieee80211_wx.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/net/ieee80211/ieee80211_wx.c b/net/ieee80211/ieee80211_wx.c index 23e1630f50b7..f87c6b89f845 100644 --- a/net/ieee80211/ieee80211_wx.c +++ b/net/ieee80211/ieee80211_wx.c | |||
@@ -232,15 +232,18 @@ static char *ipw2100_translate_scan(struct ieee80211_device *ieee, | |||
232 | return start; | 232 | return start; |
233 | } | 233 | } |
234 | 234 | ||
235 | #define SCAN_ITEM_SIZE 128 | ||
236 | |||
235 | int ieee80211_wx_get_scan(struct ieee80211_device *ieee, | 237 | int ieee80211_wx_get_scan(struct ieee80211_device *ieee, |
236 | struct iw_request_info *info, | 238 | struct iw_request_info *info, |
237 | union iwreq_data *wrqu, char *extra) | 239 | union iwreq_data *wrqu, char *extra) |
238 | { | 240 | { |
239 | struct ieee80211_network *network; | 241 | struct ieee80211_network *network; |
240 | unsigned long flags; | 242 | unsigned long flags; |
243 | int err = 0; | ||
241 | 244 | ||
242 | char *ev = extra; | 245 | char *ev = extra; |
243 | char *stop = ev + IW_SCAN_MAX_DATA; | 246 | char *stop = ev + wrqu->data.length; |
244 | int i = 0; | 247 | int i = 0; |
245 | 248 | ||
246 | IEEE80211_DEBUG_WX("Getting scan\n"); | 249 | IEEE80211_DEBUG_WX("Getting scan\n"); |
@@ -249,6 +252,11 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee, | |||
249 | 252 | ||
250 | list_for_each_entry(network, &ieee->network_list, list) { | 253 | list_for_each_entry(network, &ieee->network_list, list) { |
251 | i++; | 254 | i++; |
255 | if (stop - ev < SCAN_ITEM_SIZE) { | ||
256 | err = -E2BIG; | ||
257 | break; | ||
258 | } | ||
259 | |||
252 | if (ieee->scan_age == 0 || | 260 | if (ieee->scan_age == 0 || |
253 | time_after(network->last_scanned + ieee->scan_age, jiffies)) | 261 | time_after(network->last_scanned + ieee->scan_age, jiffies)) |
254 | ev = ipw2100_translate_scan(ieee, ev, stop, network); | 262 | ev = ipw2100_translate_scan(ieee, ev, stop, network); |
@@ -270,7 +278,7 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee, | |||
270 | 278 | ||
271 | IEEE80211_DEBUG_WX("exit: %d networks returned.\n", i); | 279 | IEEE80211_DEBUG_WX("exit: %d networks returned.\n", i); |
272 | 280 | ||
273 | return 0; | 281 | return err; |
274 | } | 282 | } |
275 | 283 | ||
276 | int ieee80211_wx_set_encode(struct ieee80211_device *ieee, | 284 | int ieee80211_wx_set_encode(struct ieee80211_device *ieee, |