From f05e0e0a05056d3920e2931e121550d2e2bf0b7a Mon Sep 17 00:00:00 2001 From: Zhu Yi Date: Thu, 19 Jan 2006 16:20:59 +0800 Subject: [PATCH] --- yaml --- r: 19066 b: refs/heads/master c: 55cd94aa1df8e575ab3236641d29d63ecdde5012 h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/net/ieee80211/ieee80211_wx.c | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/[refs] b/[refs] index e4633f02a860..25c1ec509258 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: b6daa25d653f23252b340cbd7d2153d0b338e44c +refs/heads/master: 55cd94aa1df8e575ab3236641d29d63ecdde5012 diff --git a/trunk/net/ieee80211/ieee80211_wx.c b/trunk/net/ieee80211/ieee80211_wx.c index 23e1630f50b7..f87c6b89f845 100644 --- a/trunk/net/ieee80211/ieee80211_wx.c +++ b/trunk/net/ieee80211/ieee80211_wx.c @@ -232,15 +232,18 @@ static char *ipw2100_translate_scan(struct ieee80211_device *ieee, return start; } +#define SCAN_ITEM_SIZE 128 + int ieee80211_wx_get_scan(struct ieee80211_device *ieee, struct iw_request_info *info, union iwreq_data *wrqu, char *extra) { struct ieee80211_network *network; unsigned long flags; + int err = 0; char *ev = extra; - char *stop = ev + IW_SCAN_MAX_DATA; + char *stop = ev + wrqu->data.length; int i = 0; IEEE80211_DEBUG_WX("Getting scan\n"); @@ -249,6 +252,11 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee, list_for_each_entry(network, &ieee->network_list, list) { i++; + if (stop - ev < SCAN_ITEM_SIZE) { + err = -E2BIG; + break; + } + if (ieee->scan_age == 0 || time_after(network->last_scanned + ieee->scan_age, jiffies)) ev = ipw2100_translate_scan(ieee, ev, stop, network); @@ -270,7 +278,7 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee, IEEE80211_DEBUG_WX("exit: %d networks returned.\n", i); - return 0; + return err; } int ieee80211_wx_set_encode(struct ieee80211_device *ieee,