Staging: wlan-ng: memsetting the wrong amount of data

p80211item_pstr6_t is the size of "msg1.bssid" (16 bytes) but msg1.bssid.data is type p80211pstr6_t and it is smaller (7 bytes). We had just set that memory to zeroes earlier and now we're writing over it with 0xff because we're writing past the end of the struct. I don't know if this actually causes a problem. It may be that we initialize the extra 0xff bytes correctly later. But the current code is obviously wrong and we should fix it. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
git-mirror · Feb 24, 2012 · 1ca1a92 · 1ca1a92
1 parent d8aa3e2
commit 1ca1a92
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c
@@ -356,7 +356,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev,
 	msg1.msgcode = DIDmsg_dot11req_scan;
 	msg1.bsstype.data = P80211ENUM_bsstype_any;
 
-	memset(&(msg1.bssid.data), 0xFF, sizeof(p80211item_pstr6_t));
+	memset(&msg1.bssid.data, 0xFF, sizeof(msg1.bssid.data));
 	msg1.bssid.data.len = 6;
 
 	if (request->n_ssids > 0) {