
Merge branch 'we21-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into tmp

+32 -1
+32 -1
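--- a/net/core/wireless.c
+++ b/net/core/wireless.c
@@ -748,10 +748,38 @@
 int extra_size;
 int user_length = 0;
 int err;
+int essid_compat = 0;
 
 /* Calculate space needed by arguments. Always allocate
 * for max space. Easier, and won't last long... */
 extra_size = descr->max_tokens * descr->token_size;
+
+/* Check need for ESSID compatibility for WE < 21 */
+switch (cmd) {
+case SIOCSIWESSID:
+case SIOCGIWESSID:
+case SIOCSIWNICKN:
+case SIOCGIWNICKN:
+if (iwr->u.data.length == descr->max_tokens + 1)
+essid_compat = 1;
+else if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
+char essid[IW_ESSID_MAX_SIZE + 1];
+
+err = copy_from_user(essid, iwr->u.data.pointer,
+iwr->u.data.length *
+descr->token_size);
+if (err)
+return -EFAULT;
+
+if (essid[iwr->u.data.length - 1] == '\0')
+essid_compat = 1;
+}
+break;
+default:
+break;
+}
+
+iwr->u.data.length -= essid_compat;
 
 /* Check what user space is giving us */
 if(IW_IS_SET(cmd)) {
@@ -795,7 +823,8 @@
 #endif /* WE_IOCTL_DEBUG */
 
 /* Create the kernel buffer */
-extra = kmalloc(extra_size, GFP_KERNEL);
+/* kzalloc ensures NULL-termination for essid_compat */
+extra = kzalloc(extra_size, GFP_KERNEL);
 if (extra == NULL) {
 return -ENOMEM;
 }
@@ -818,6 +847,8 @@
 
 /* Call the handler */
 ret = handler(dev, &info, &(iwr->u), extra);
+
+iwr->u.data.length += essid_compat;
 
 /* If we have something to return to the user */
 if (!ret && IW_IS_GET(cmd)) {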
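Review bot: The `copy_from_user()` into the on-stack `essid[IW_ESSID_MAX_SIZE + 1]` in the first hunk takes its byte count from `iwr->u.data.length * descr->token_size` before that length has been bounded. The new block sits above the existing "Check what user space is giving us" validation, and the preceding `if` diverts only the exact value `descr->max_tokens + 1`, so a SET request with a larger length would write past the array on the kernel stack and `essid[iwr->u.data.length - 1]` would then index out of bounds as well. I would bound the length ahead of the copy, e.g. `if (iwr->u.data.length > IW_ESSID_MAX_SIZE + 1) return -E2BIG;` (or fold the same bound into the `else if` condition so oversized requests fall through to the later check and its error code). This assumes `token_size` is 1 for these four commands and that the length field is caller-supplied, neither of which is visible here; the enclosing function starts and ends outside the hunks.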