projects
/
linux-2.6-microblaze.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
cfg80211: check S1G beacon compat element length
[linux-2.6-microblaze.git]
/
net
/
wireless
/
scan.c
diff --git
a/net/wireless/scan.c
b/net/wireless/scan.c
index
019952d
..
758eb7d
100644
(file)
--- a/
net/wireless/scan.c
+++ b/
net/wireless/scan.c
@@
-2352,14
+2352,16
@@
cfg80211_inform_single_bss_frame_data(struct wiphy *wiphy,
return NULL;
if (ext) {
return NULL;
if (ext) {
- struct ieee80211_s1g_bcn_compat_ie *compat;
-
u8 *ie
;
+
const
struct ieee80211_s1g_bcn_compat_ie *compat;
+
const struct element *elem
;
- ie = (void *)cfg80211_find_ie(WLAN_EID_S1G_BCN_COMPAT,
- variable, ielen);
- if (!ie)
+ elem = cfg80211_find_elem(WLAN_EID_S1G_BCN_COMPAT,
+ variable, ielen);
+ if (!elem)
+ return NULL;
+ if (elem->datalen < sizeof(*compat))
return NULL;
return NULL;
- compat = (void *)
(ie + 2)
;
+ compat = (void *)
elem->data
;
bssid = ext->u.s1g_beacon.sa;
capability = le16_to_cpu(compat->compat_info);
beacon_int = le16_to_cpu(compat->beacon_int);
bssid = ext->u.s1g_beacon.sa;
capability = le16_to_cpu(compat->compat_info);
beacon_int = le16_to_cpu(compat->beacon_int);