Diffstat (limited to 'net')
-rw-r--r--net/mac80211/main.c13
-rw-r--r--net/mac80211/util.c2
-rw-r--r--net/wireless/nl80211.c7
3 files changed, 21 insertions, 1 deletions
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index fbcbed6cad01..ee58a7873699 100644
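--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -728,7 +728,18 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
 return NULL;
 
 wiphy->privid = mac80211_wiphy_privid;
-wiphy->max_scan_ssids = 4;
+
+if (!ops->hw_scan) {
+/* For hw_scan, driver needs to set these up. */
+wiphy->max_scan_ssids = 4;
+
+/* we support a maximum of 32 rates in cfg80211 */
+wiphy->max_scan_ie_len = IEEE80211_MAX_DATA_LEN
+- 2 - 32 /* SSID */
+- 4 - 32 /* (ext) supp rates */;
+
+}
+
 /* Yes, putting cfg80211_bss into ieee80211_bss is a hack */
 wiphy->bss_priv_size = sizeof(struct ieee80211_bss) -
 sizeof(struct cfg80211_bss);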
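Review bot: The scan-IE budget in ieee80211_alloc_hw is written as bare literals (`- 2 - 32` and `- 4 - 32`) that have to mirror the fixed elements ieee80211_send_probe_req emits in util.c, and the only link between the two sites is a comment there that does not say where the limit is computed. If the two drift apart, an IE length could pass the nl80211 check and still not fit the frame, so I would name both ends: here `/* must match the fixed elements built by ieee80211_send_probe_req() */`, and in util.c `/* if adding more here, adjust max_scan_ie_len in ieee80211_alloc_hw() */`. The empty line before the closing brace of the `if (!ops->hw_scan)` block can go as well. The function continues outside the hunk.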
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index fdf432f14554..05caf34f31da 100644
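--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -890,6 +890,8 @@ void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
 *pos = rate->bitrate / 5;
 }
 
+/* if adding more here, adjust max_scan_ie_len */
+
 if (ie)
 memcpy(skb_put(skb, ie_len), ie, ie_len);
 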
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 1394115cde95..447fa1790b4e 100644
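--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -181,6 +181,8 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
 dev->wiphy.max_scan_ssids);
+NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
+dev->wiphy.max_scan_ie_len);
 
 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
 if (!nl_modes)
@@ -2528,6 +2530,11 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
 else
 ie_len = 0;
 
+if (ie_len > wiphy->max_scan_ie_len) {
+err = -EINVAL;
+goto out;
+}
+
 request = kzalloc(sizeof(*request)
 + sizeof(*ssid) * n_ssids
 + sizeof(channel) * n_channels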
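Review bot: The new bound in nl80211_trigger_scan compares against `wiphy->max_scan_ie_len`, which the mac80211 hunk sets only when `ops->hw_scan` is absent, so for hw_scan drivers and other cfg80211 users it presumably stays at zero until the driver fills it in. That fails closed, which is the safe direction, but every scan request carrying extra IEs then returns -EINVAL with nothing in the code explaining why. I would state the contract at the check, for example `/* a limit of 0 means the driver accepts no extra scan IEs */`, and confirm that each hw_scan driver sets both limits. The function body and the `out` label lie outside the hunk.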