[PATCH 113/368] Staging: otus: off by one in usbdrvwext_siwessid()
Greg KH
greg at kroah.com
Thu Mar 4 12:04:51 PST 2010
From: Dan Carpenter <error27 at gmail.com>
A 33 char ESSID is too long and it could cause a buffer overflow
a couple lines below when we put a NULL terminator on the end.
Signed-off-by: Dan Carpenter <error27 at gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
drivers/staging/otus/ioctl.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/staging/otus/ioctl.c b/drivers/staging/otus/ioctl.c
index 6808e69..86d9333 100644
--- a/drivers/staging/otus/ioctl.c
+++ b/drivers/staging/otus/ioctl.c
@@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev,
return -EINVAL;
if (essid->flags == 1) {
- if (essid->length > (IW_ESSID_MAX_SIZE + 1))
+ if (essid->length > IW_ESSID_MAX_SIZE)
return -E2BIG;
if (copy_from_user(&EssidBuf, essid->pointer, essid->length))
--
1.7.0.1
More information about the devel
mailing list