From 1ca1a92cc6d337a149d1e37d4ab0db8ad45b0fde Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Tue, 21 Feb 2012 17:18:38 +0300 Subject: [PATCH] Staging: wlan-ng: memsetting the wrong amount of data p80211item_pstr6_t is the size of "msg1.bssid" (16 bytes) but msg1.bssid.data is type p80211pstr6_t and it is smaller (7 bytes). We had just set that memory to zeroes earlier and now we're writing over it with 0xff because we're writing past the end of the struct. I don't know if this actually causes a problem. It may be that we initialize the extra 0xff bytes correctly later. But the current code is obviously wrong and we should fix it. Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- drivers/staging/wlan-ng/cfg80211.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c index fb466f4c92e0..d518b315b368 100644 --- a/drivers/staging/wlan-ng/cfg80211.c +++ b/drivers/staging/wlan-ng/cfg80211.c @@ -356,7 +356,7 @@ int prism2_scan(struct wiphy *wiphy, struct net_device *dev, msg1.msgcode = DIDmsg_dot11req_scan; msg1.bsstype.data = P80211ENUM_bsstype_any; - memset(&(msg1.bssid.data), 0xFF, sizeof(p80211item_pstr6_t)); + memset(&msg1.bssid.data, 0xFF, sizeof(msg1.bssid.data)); msg1.bssid.data.len = 6; if (request->n_ssids > 0) { -- 2.20.1