Staging: otus: off by one in usbdrvwext_siwessid()
A 33 char ESSID is too long and it could cause a buffer overflow a couple lines below when we put a NULL terminator on the end. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
parent
ed30013207
commit
1c7e4a7c32
1 changed files with 1 additions and 1 deletions
|
@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev,
|
|||
return -EINVAL;
|
||||
|
||||
if (essid->flags == 1) {
|
||||
if (essid->length > (IW_ESSID_MAX_SIZE + 1))
|
||||
if (essid->length > IW_ESSID_MAX_SIZE)
|
||||
return -E2BIG;
|
||||
|
||||
if (copy_from_user(&EssidBuf, essid->pointer, essid->length))
|
||||
|
|
Loading…
Reference in a new issue