Commit fd0fc521 authored by Dan Carpenter, committed by John W. Linville

mwifiex: potential corruption in mwifiex_update_uap_custom_ie()

ap_custom_ie is a struct mwifiex_ie_list which is quite different and
also larger than struct mwifiex_ie.  It's a difference between 4196
bytes and 262.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Tested-by: Stone Piao <piaoyun@marvell.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
parent 046b6802
...@@ -160,7 +160,7 @@ mwifiex_update_uap_custom_ie(struct mwifiex_private *priv, ...@@ -160,7 +160,7 @@ mwifiex_update_uap_custom_ie(struct mwifiex_private *priv,
u16 len; u16 len;
int ret; int ret;
ap_custom_ie = kzalloc(sizeof(struct mwifiex_ie), GFP_KERNEL); ap_custom_ie = kzalloc(sizeof(*ap_custom_ie), GFP_KERNEL);
if (!ap_custom_ie) if (!ap_custom_ie)
return -ENOMEM; return -ENOMEM;
......
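Review bot: The commit message never states the consequence of the old kzalloc() line in mwifiex_update_uap_custom_ie(): by the sizes it quotes, the buffer was 262 bytes while the code treats it as a 4196-byte struct mwifiex_ie_list, so any access through ap_custom_ie beyond the first 262 bytes lands outside the heap object. Saying that explicitly, and whether the fix should go to stable trees, would help anyone triaging it. The switch to sizeof(*ap_custom_ie) is the right form because the size now follows the pointer's declared type. The declaration is not visible in this hunk, so confirm it is struct mwifiex_ie_list * as the message says, and check the rest of the file for other allocations that still spell out sizeof(struct mwifiex_ie) for a list pointer.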