首页 发现 帮助
登录
PUBLIC_REPOS
/
ti-processor-sdk-linux
2
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

wireless: iwlwifi3945/4965 - fix incorrect counting of memory

This patch does fix incorrect counting of memory allocated by kmalloc.
It seems that could lead to allocated memory overrun and corrupt
nearlaid memory area.

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Acked-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cyrill Gorcunov 18 年之前
父节点
fdfb92eab5
当前提交
18904f5839
共有 2 个文件被更改,包括 2 次插入2 次删除
分列视图 显示文件统计
  1. 1 1
      drivers/net/wireless/iwlwifi/iwl3945-base.c
  2. 1 1
      drivers/net/wireless/iwlwifi/iwl4965-base.c

+ 1 - 1
drivers/net/wireless/iwlwifi/iwl3945-base.c
查看文件 

@@ -6628,7 +6628,7 @@ static void iwl3945_bg_request_scan(struct work_struct *data)
 
 	 * that based on the direct_mask added to each channel entry */
 
 	scan->tx_cmd.len = cpu_to_le16(
 
 		iwl3945_fill_probe_req(priv, (struct ieee80211_mgmt *)scan->data,
 
-			IWL_MAX_SCAN_SIZE - sizeof(scan), 0));
 
+			IWL_MAX_SCAN_SIZE - sizeof(*scan), 0));
 
 	scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK;
 
 	scan->tx_cmd.sta_id = priv->hw_setting.bcast_sta_id;
 
 	scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;

+ 1 - 1
drivers/net/wireless/iwlwifi/iwl4965-base.c
查看文件 

@@ -7046,7 +7046,7 @@ static void iwl4965_bg_request_scan(struct work_struct *data)
 
 	 * that based on the direct_mask added to each channel entry */
 
 	scan->tx_cmd.len = cpu_to_le16(
 
 		iwl4965_fill_probe_req(priv, (struct ieee80211_mgmt *)scan->data,
 
-			IWL_MAX_SCAN_SIZE - sizeof(scan), 0));
 
+			IWL_MAX_SCAN_SIZE - sizeof(*scan), 0));
 
 	scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK;
 
 	scan->tx_cmd.sta_id = priv->hw_setting.bcast_sta_id;
 
 	scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;