From: Dan Carpenter <error27@gmail.com>
Date: Fri, 29 Jul 2011 08:52:18 +0000 (+0300)
Subject: cfg80211: off by one in nl80211_trigger_scan()
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=84404623da45aac04595a8f5760a58df0e955d87;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

cfg80211: off by one in nl80211_trigger_scan()

The test is off by one so we'd read past the end of the
wiphy->bands[] array on the next line.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
---

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 28d2aa109bee..e83e7fee3bc0 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3464,7 +3464,7 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
 				    tmp) {
 			enum ieee80211_band band = nla_type(attr);
 
-			if (band < 0 || band > IEEE80211_NUM_BANDS) {
+			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
 				err = -EINVAL;
 				goto out_free;
 			}