mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-23 20:53:53 +08:00
Staging: otus: off by one in usbdrvwext_siwessid()
A 33 char ESSID is too long and it could cause a buffer overflow a couple lines below when we put a NULL terminator on the end. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
parent
ed30013207
commit
1c7e4a7c32
@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev,
|
||||
return -EINVAL;
|
||||
|
||||
if (essid->flags == 1) {
|
||||
if (essid->length > (IW_ESSID_MAX_SIZE + 1))
|
||||
if (essid->length > IW_ESSID_MAX_SIZE)
|
||||
return -E2BIG;
|
||||
|
||||
if (copy_from_user(&EssidBuf, essid->pointer, essid->length))
|
||||
|
Loading…
Reference in New Issue
Block a user