iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

iwmc3200wifi: add a range check to iwm_cfg80211_get_key()

Browse Source 
Smatch complains that "key_index" is capped at 5 in nl80211_get_key()
but iwm->keys[] only has 4 elements.  I don't know if this is really
needed, but the other ->get_key() implementations seemed to check
for overflows so I've added a check here.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Dan Carpenter
2011-10-12 11:10:37 +03:00
committed by John W. Linville
parent d83579e2a5
commit f9a703e173
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/net/wireless/iwmc3200wifi/cfg80211.c
View File

@@ -187,13 +187,17 @@ static int iwm_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev,
struct key_params*)) struct key_params*))
{ {
struct iwm_priv *iwm = ndev_to_iwm(ndev); struct iwm_priv *iwm = ndev_to_iwm(ndev);
struct iwm_key *key = &iwm->keys[key_index]; struct iwm_key *key;
struct key_params params; struct key_params params;
IWM_DBG_WEXT(iwm, DBG, "Getting key %d\n", key_index); IWM_DBG_WEXT(iwm, DBG, "Getting key %d\n", key_index);
if (key_index >= IWM_NUM_KEYS)
return -ENOENT;
memset(&params, 0, sizeof(params)); memset(&params, 0, sizeof(params));
key = &iwm->keys[key_index];
params.cipher = key->cipher; params.cipher = key->cipher;
params.key_len = key->key_len; params.key_len = key->key_len;
params.seq_len = key->seq_len; params.seq_len = key->seq_len;