Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

prism54: potential memory corruption in prism54_get_essid()

"dwrq->length" is the capped version of "essid->length".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter 13 years ago
parent
de3584bd62
commit
40f9cd299a
1 changed files with 1 additions and 1 deletions
Unified View Show Diff Stats
  1. 1 1
      drivers/net/wireless/prism54/isl_ioctl.c

+ 1 - 1
drivers/net/wireless/prism54/isl_ioctl.c
View File 

@@ -778,7 +778,7 @@ prism54_get_essid(struct net_device *ndev, struct iw_request_info *info,
 
 		dwrq->flags = 0;
 
 		dwrq->flags = 0;
 
 		dwrq->length = 0;
 
 		dwrq->length = 0;
 
 	}
 
 	}
 
-	essid->octets[essid->length] = '\0';
 
+	essid->octets[dwrq->length] = '\0';
 
 	memcpy(extra, essid->octets, dwrq->length);
 
 	memcpy(extra, essid->octets, dwrq->length);
 
 	kfree(essid);
 
 	kfree(essid);