Staging: otus: off by one in usbdrvwext_siwessid()

A 33 char ESSID is too long and it could cause a buffer overflow a couple lines below when we put a NULL terminator on the end. Signed-off-by: N Dan Carpenter <error27@gmail.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@suse.de>

Staging: otus: off by one in usbdrvwext_siwessid()
A 33 char ESSID is too long and it could cause a buffer overflow a couple lines below when we put a NULL terminator on the end. Signed-off-by: N Dan Carpenter <error27@gmail.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@suse.de>
1c7e4a7c · Dan Carpenter · Greg Kroah-Hartman · ed300132 · 1c7e4a7c
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/staging/otus/ioctl.c drivers/staging/otus/ioctl.c +1 -1

未找到文件。
--- a/drivers/staging/otus/ioctl.c
+++ b/drivers/staging/otus/ioctl.c
@@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev,
 		return -EINVAL;

 	if (essid->flags == 1) {
-		if (essid->length > (IW_ESSID_MAX_SIZE + 1))
+		if (essid->length > IW_ESSID_MAX_SIZE)
 			return -E2BIG;

 		if (copy_from_user(&EssidBuf, essid->pointer, essid->length))