From patchwork Fri Oct 26 16:54:25 2012
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 1652791
From: Antonio Quartulli
To: Johannes Berg
Cc: "John W. Linville", linux-wireless@vger.kernel.org, Antonio Quartulli
Subject: [PATCH mac80211] mac80211: fix SSID copy on IBSS JOIN
Date: Fri, 26 Oct 2012 18:54:25 +0200
Message-Id: <1351270465-18946-1-git-send-email-ordex@autistici.org>
X-Mailing-List: linux-wireless@vger.kernel.org

The 'ssid' field of the cfg80211_ibss_params is a u8 pointer and therefore the length is likely to be less than IEEE80211_MAX_SSID_LEN most of the time. This patch fixes the ssid copy in ieee80211_ibss_join() by preventing it from reading beyond the string.

Signed-off-by: Antonio Quartulli

--- net/mac80211/ibss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c index 5f3620f..bf87c70 100644 --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c @@ -1108,7 +1108,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; sdata->u.ibss.ibss_join_req = jiffies; - memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN); + memcpy(sdata->u.ibss.ssid, params->ssid, params->ssid_len); sdata->u.ibss.ssid_len = params->ssid_len; mutex_unlock(&sdata->u.ibss.mtx);
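
Review bot: In the ieee80211_ibss_join() hunk, the new memcpy() takes its length from params->ssid_len, and nothing in the visible context checks that value against IEEE80211_MAX_SSID_LEN before the copy into sdata->u.ibss.ssid. The removed line used IEEE80211_MAX_SSID_LEN as the copy length, so the read past the end of params->ssid is fixed, but the write bound on the destination now rests entirely on the caller having validated ssid_len. If that validation happens before this function is reached, say so in the commit message; otherwise reject or WARN on params->ssid_len > IEEE80211_MAX_SSID_LEN ahead of the memcpy(). Also note that bytes of sdata->u.ibss.ssid beyond ssid_len now keep whatever a previous join left there, so any consumer of that buffer must honour sdata->u.ibss.ssid_len rather than the full array size.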