Commit ad109ba1 authored by Gustavo A. R. Silva's avatar Gustavo A. R. Silva Committed by Greg Kroah-Hartman

staging: wilc1000: fix infinite loop and out-of-bounds access

If i < slot_id is initially true then it will remain true. Also,
as i is being decremented it will end up accessing memory out of
bounds.

Fix this by incrementing *i* instead of decrementing it.

Addresses-Coverity-ID: 1468454 ("Infinite loop")
Fixes: faa65764 ("staging: wilc1000: refactor scan() to free kmalloc memory on failure cases")
Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: default avatarAjay Singh <ajay.kathat@microchip.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent ba36d10e
...@@ -608,7 +608,7 @@ wilc_wfi_cfg_alloc_fill_ssid(struct cfg80211_scan_request *request, ...@@ -608,7 +608,7 @@ wilc_wfi_cfg_alloc_fill_ssid(struct cfg80211_scan_request *request,
out_free: out_free:
for (i = 0; i < slot_id ; i--) for (i = 0; i < slot_id; i++)
kfree(ntwk->net_info[i].ssid); kfree(ntwk->net_info[i].ssid);
kfree(ntwk->net_info); kfree(ntwk->net_info);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment