From 1c7e4a7c326c916918b5a29051db4f93973e775a Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Mon, 28 Dec 2009 19:01:34 +0200 Subject: [PATCH] Staging: otus: off by one in usbdrvwext_siwessid() A 33 char ESSID is too long and it could cause a buffer overflow a couple lines below when we put a NULL terminator on the end. Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- drivers/staging/otus/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/otus/ioctl.c b/drivers/staging/otus/ioctl.c index 6808e69fb354..86d93330acad 100644 --- a/drivers/staging/otus/ioctl.c +++ b/drivers/staging/otus/ioctl.c @@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev, return -EINVAL; if (essid->flags == 1) { - if (essid->length > (IW_ESSID_MAX_SIZE + 1)) + if (essid->length > IW_ESSID_MAX_SIZE) return -E2BIG; if (copy_from_user(&EssidBuf, essid->pointer, essid->length)) -- 2.20.1