* [patch] prism54: potential memory corruption in prism54_get_essid()
@ 2011-11-21 14:47 ` Dan Carpenter
From: Dan Carpenter @ 2011-11-21 14:47 UTC (permalink / raw)
  To: Luis R. Rodriguez; +Cc: John W. Linville, linux-wireless, kernel-janitors

"dwrq->length" is the capped version of "essid->length".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/net/wireless/prism54/isl_ioctl.c b/drivers/net/wireless/prism54/isl_ioctl.c
index d97a2ca..bc2ba80 100644
--- a/drivers/net/wireless/prism54/isl_ioctl.c
+++ b/drivers/net/wireless/prism54/isl_ioctl.c
@@ -778,7 +778,7 @@ prism54_get_essid(struct net_device *ndev, struct iw_request_info *info,
 		dwrq->flags = 0;
 		dwrq->length = 0;
 	}
-	essid->octets[essid->length] = '\0';
+	essid->octets[dwrq->length] = '\0';
 	memcpy(extra, essid->octets, dwrq->length);
 	kfree(essid);
 

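Review bot: the terminator stored at essid->octets[dwrq->length] is never read afterwards, because the memcpy() on the next line copies only dwrq->length bytes into extra and essid is freed right after, so this store could be dropped instead of re-indexed. If it stays, the changelog should say where dwrq->length is capped and to what value, and confirm the cap is strictly smaller than the size of octets, since an index equal to the array size would still write one byte past the end.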