Staging: wlan-ng: memsetting the wrong amount of data

p80211item_pstr6_t is the size of "msg1.bssid" (16 bytes) but msg1.bssid.data is type p80211pstr6_t and it is smaller (7 bytes). We had just set that memory to zeroes earlier and now we're writing over it with 0xff because we're writing past the end of the struct. I don't know if this actually causes a problem. It may be that we initialize the extra 0xff bytes correctly later. But the current code is obviously wrong and we should fix it. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Staging: wlan-ng: memsetting the wrong amount of data
p80211item_pstr6_t is the size of "msg1.bssid" (16 bytes) but msg1.bssid.data is type p80211pstr6_t and it is smaller (7 bytes). We had just set that memory to zeroes earlier and now we're writing over it with 0xff because we're writing past the end of the struct. I don't know if this actually causes a problem. It may be that we initialize the extra 0xff bytes correctly later. But the current code is obviously wrong and we should fix it. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1ca1a92c · Dan Carpenter · Greg Kroah-Hartman · d8aa3e26 · 1ca1a92c
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/staging/wlan-ng/cfg80211.c drivers/staging/wlan-ng/cfg80211.c +1 -1

未找到文件。
--- a/drivers/staging/wlan-ng/cfg80211.c
+++ b/drivers/staging/wlan-ng/cfg80211.c
@@ -356,7 +356,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev,
 	msg1.msgcode = DIDmsg_dot11req_scan;
 	msg1.bsstype.data = P80211ENUM_bsstype_any;
-	memset(&(msg1.bssid.data), 0xFF, sizeof(p80211item_pstr6_t));
+	memset(&msg1.bssid.data, 0xFF, sizeof(msg1.bssid.data));
 	msg1.bssid.data.len = 6;
 	if (request->n_ssids > 0) {