aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2012-11-28 21:53:45 +0100
committerJohn W. Linville <linville@tuxdriver.com>2012-11-30 14:00:33 -0500
commit904f137d478215b7c5c1daabae03618ed2f703cf (patch)
tree5ce35a36a8e9240b4aa14f113e7c4892ffe9108d
parent1b4e027e1b1176b70a59665c0de58c04c7a4e210 (diff)
downloadkernel_goldelico_gta04-904f137d478215b7c5c1daabae03618ed2f703cf.zip
kernel_goldelico_gta04-904f137d478215b7c5c1daabae03618ed2f703cf.tar.gz
kernel_goldelico_gta04-904f137d478215b7c5c1daabae03618ed2f703cf.tar.bz2
mwifiex: fix struct member mismatch
Using bss->information_elements and treating bss->len_beacon_ies as its size is wrong, the real size is len_information_elements. Found while I was reviewing the use of this cfg80211 API (as it is actually potentially broken due to races.) Signed-off-by: Johannes Berg <johannes.berg@intel.com> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--drivers/net/wireless/mwifiex/sta_ioctl.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/net/wireless/mwifiex/sta_ioctl.c b/drivers/net/wireless/mwifiex/sta_ioctl.c
index 237c8d2b..cf8918c 100644
--- a/drivers/net/wireless/mwifiex/sta_ioctl.c
+++ b/drivers/net/wireless/mwifiex/sta_ioctl.c
@@ -161,8 +161,9 @@ int mwifiex_fill_new_bss_desc(struct mwifiex_private *priv,
int ret;
u8 *beacon_ie;
struct mwifiex_bss_priv *bss_priv = (void *)bss->priv;
+ size_t beacon_ie_len = bss->len_information_elements;
- beacon_ie = kmemdup(bss->information_elements, bss->len_beacon_ies,
+ beacon_ie = kmemdup(bss->information_elements, beacon_ie_len,
GFP_KERNEL);
if (!beacon_ie) {
dev_err(priv->adapter->dev, " failed to alloc beacon_ie\n");
@@ -172,7 +173,7 @@ int mwifiex_fill_new_bss_desc(struct mwifiex_private *priv,
memcpy(bss_desc->mac_address, bss->bssid, ETH_ALEN);
bss_desc->rssi = bss->signal;
bss_desc->beacon_buf = beacon_ie;
- bss_desc->beacon_buf_size = bss->len_beacon_ies;
+ bss_desc->beacon_buf_size = beacon_ie_len;
bss_desc->beacon_period = bss->beacon_interval;
bss_desc->cap_info_bitmap = bss->capability;
bss_desc->bss_band = bss_priv->band;