openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Staging: otus: off by one in usbdrvwext_siwessid() 

A 33 char ESSID is too long and it could cause a buffer overflow
a couple lines below when we put a NULL terminator on the end.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Dan Carpenter 2009-12-28 19:01:34 +02:00 committed by Greg Kroah-Hartman
parent ed30013207
commit 1c7e4a7c32
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/staging/otus/ioctl.c
View File

@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev,
return -EINVAL;
if (essid->flags == 1) {
if (essid->length > (IW_ESSID_MAX_SIZE + 1))
if (essid->length > IW_ESSID_MAX_SIZE)
return -E2BIG;
if (copy_from_user(&EssidBuf, essid->pointer, essid->length))