[PATCH] libertas: beyond ARRAY_SIZE of defs.meshie.val.mesh_id
Dan Williams
dcbw at redhat.com
Wed May 20 18:12:17 EDT 2009
On Wed, 2009-05-20 at 02:08 +0200, Roel Kluin wrote:
> Do not go beyond ARRAY_SIZE of defs.meshie.val.mesh_id
>
> Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
> ---
> Or should the arraysize be increased by 1? please review.
I don't think we can increase the array size; I think what should
probably be done here is manually copy the mesh_id + '\0' + '\n' into
'buf' instead of trying to strcpy() it. If the mesh ID is currently
32-bytes in length, yeah, we'll overflow the local 'defs' array by one
byte when the 0 gets added to the end there, which is only done so taht
snprintf can be used.
Dan
> diff --git a/drivers/net/wireless/libertas/persistcfg.c b/drivers/net/wireless/libertas/persistcfg.c
> index 18fe29f..6e7b1f3 100644
> --- a/drivers/net/wireless/libertas/persistcfg.c
> +++ b/drivers/net/wireless/libertas/persistcfg.c
> @@ -187,9 +187,9 @@ static ssize_t mesh_id_get(struct device *dev, struct device_attribute *attr,
> if (ret)
> return ret;
>
> - if (defs.meshie.val.mesh_id_len > IW_ESSID_MAX_SIZE) {
> + if (defs.meshie.val.mesh_id_len >= IW_ESSID_MAX_SIZE) {
> lbs_pr_err("inconsistent mesh ID length");
> - defs.meshie.val.mesh_id_len = IW_ESSID_MAX_SIZE;
> + defs.meshie.val.mesh_id_len = IW_ESSID_MAX_SIZE - 1;
> }
>
> /* SSID not null terminated: reserve room for \0 + \n */
More information about the libertas-dev
mailing list