diff options
Diffstat (limited to 'net/wireless/nl80211.c')
| -rw-r--r-- | net/wireless/nl80211.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 88a565f130a5..f07602d7bf68 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -3406,11 +3406,11 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) | |||
| 3406 | i = 0; | 3406 | i = 0; |
| 3407 | if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { | 3407 | if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { |
| 3408 | nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { | 3408 | nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { |
| 3409 | request->ssids[i].ssid_len = nla_len(attr); | 3409 | if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { |
| 3410 | if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { | ||
| 3411 | err = -EINVAL; | 3410 | err = -EINVAL; |
| 3412 | goto out_free; | 3411 | goto out_free; |
| 3413 | } | 3412 | } |
| 3413 | request->ssids[i].ssid_len = nla_len(attr); | ||
| 3414 | memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); | 3414 | memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); |
| 3415 | i++; | 3415 | i++; |
| 3416 | } | 3416 | } |
| @@ -3572,12 +3572,11 @@ static int nl80211_start_sched_scan(struct sk_buff *skb, | |||
| 3572 | if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { | 3572 | if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { |
| 3573 | nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], | 3573 | nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], |
| 3574 | tmp) { | 3574 | tmp) { |
| 3575 | request->ssids[i].ssid_len = nla_len(attr); | 3575 | if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { |
| 3576 | if (request->ssids[i].ssid_len > | ||
| 3577 | IEEE80211_MAX_SSID_LEN) { | ||
| 3578 | err = -EINVAL; | 3576 | err = -EINVAL; |
| 3579 | goto out_free; | 3577 | goto out_free; |
| 3580 | } | 3578 | } |
| 3579 | request->ssids[i].ssid_len = nla_len(attr); | ||
| 3581 | memcpy(request->ssids[i].ssid, nla_data(attr), | 3580 | memcpy(request->ssids[i].ssid, nla_data(attr), |
| 3582 | nla_len(attr)); | 3581 | nla_len(attr)); |
| 3583 | i++; | 3582 | i++; |
| @@ -6464,7 +6463,8 @@ void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, | |||
| 6464 | if (addr) | 6463 | if (addr) |
| 6465 | NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); | 6464 | NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); |
| 6466 | NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); | 6465 | NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); |
| 6467 | NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); | 6466 | if (key_id != -1) |
| 6467 | NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); | ||
| 6468 | if (tsc) | 6468 | if (tsc) |
| 6469 | NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); | 6469 | NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); |
| 6470 | 6470 | ||