wl12xx: simplify wl1271_ssid_set()
authorEliad Peller <eliad@wizery.com>
Sun, 1 May 2011 06:56:45 +0000 (09:56 +0300)
committerLuciano Coelho <coelho@ti.com>
Thu, 12 May 2011 21:06:31 +0000 (00:06 +0300)
Simplify wl1271_ssid_set by re-using cfg80211_find_ie instead of
reimplementing it.

Additionally, add a length check to prevent a potential buffer overflow.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
drivers/net/wireless/wl12xx/main.c

index 6dab6f0c91bc0d3b914bf3f51fd783a7798208fd..f82e736ba197973e313f1cef4f73887183dd0dc9 100644 (file)
@@ -2376,20 +2376,24 @@ out:
 static int wl1271_ssid_set(struct wl1271 *wl, struct sk_buff *skb,
                            int offset)
 {
-       u8 *ptr = skb->data + offset;
+       u8 ssid_len;
+       const u8 *ptr = cfg80211_find_ie(WLAN_EID_SSID, skb->data + offset,
+                                        skb->len - offset);
 
-       /* find the location of the ssid in the beacon */
-       while (ptr < skb->data + skb->len) {
-               if (ptr[0] == WLAN_EID_SSID) {
-                       wl->ssid_len = ptr[1];
-                       memcpy(wl->ssid, ptr+2, wl->ssid_len);
-                       return 0;
-               }
-               ptr += (ptr[1] + 2);
+       if (!ptr) {
+               wl1271_error("No SSID in IEs!");
+               return -ENOENT;
        }
 
-       wl1271_error("No SSID in IEs!\n");
-       return -ENOENT;
+       ssid_len = ptr[1];
+       if (ssid_len > IEEE80211_MAX_SSID_LEN) {
+               wl1271_error("SSID is too long!");
+               return -EINVAL;
+       }
+
+       wl->ssid_len = ssid_len;
+       memcpy(wl->ssid, ptr+2, ssid_len);
+       return 0;
 }
 
 static int wl1271_bss_erp_info_changed(struct wl1271 *wl,
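Review bot: The remaining-length argument `skb->len - offset` passed to `cfg80211_find_ie()` is computed without checking that `offset` lies within the frame, so it is only meaningful if every caller passes an in-range offset; those callers are not visible in this hunk. A guard ahead of the lookup, `if (offset < 0 || offset > skb->len) return -EINVAL;` (with the `ptr` assignment moved out of the declaration), would make that precondition explicit rather than depending on how the helper treats an out-of-range length. The new `ssid_len > IEEE80211_MAX_SSID_LEN` test bounds the write into `wl->ssid`, but the reads of `ptr[1]` and `ptr+2` still rely on `cfg80211_find_ie()` returning only an element that fits inside the buffer it was given. Once confirmed against the helper, record that with a comment above `ssid_len = ptr[1];` such as `/* cfg80211_find_ie() only returns an IE that fits in the given length */`.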