git.baikalelectronics.ru Git - kernel.git/commit

author	Luciano Coelho <coelho@ti.com>
	Tue, 7 Jun 2011 17:42:26 +0000 (20:42 +0300)
committer	John W. Linville <linville@tuxdriver.com>
	Tue, 7 Jun 2011 18:19:07 +0000 (14:19 -0400)
commit	9af9c676bc7420cd272aacb6aa1b7b174d34cfb9
tree	2873dc389e21115f1b674134baf1fae0ecdbb087	tree \| snapshot
parent	0973113dac9c5a0225023c69f106309479707738	commit \| diff

nl80211: fix overflow in ssid_len

When one of the SSID's length passed in a scan or sched_scan request
is larger than 255, there will be an overflow in the u8 that is used
to store the length before checking. This causes the check to fail
and we overrun the buffer when copying the SSID.

Fix this by checking the nl80211 attribute length before copying it to
the struct.

This is a follow up for the previous commit
348052b8d3477d22e25227e367351bf71434b6fb, which didn't fix the problem
entirely.

Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>