Staging: otus: off by one in usbdrvwext_siwessid()

A 33 char ESSID is too long and it could cause a buffer overflow
a couple lines below when we put a NULL terminator on the end.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Dan Carpenter 2009-12-28 19:01:34 +02:00 committed by Greg Kroah-Hartman
parent ed30013207
commit 1c7e4a7c32

View file

@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev,
return -EINVAL;
if (essid->flags == 1) {
if (essid->length > (IW_ESSID_MAX_SIZE + 1))
if (essid->length > IW_ESSID_MAX_SIZE)
return -E2BIG;
if (copy_from_user(&EssidBuf, essid->pointer, essid->length))