Commit 18904f58 authored by Cyrill Gorcunov's avatar Cyrill Gorcunov Committed by David S. Miller

wireless: iwlwifi3945/4965 - fix incorrect counting of memory

This patch does fix incorrect counting of memory allocated by kmalloc.
It seems that could lead to allocated memory overrun and corrupt
nearlaid memory area.
Signed-off-by: default avatarCyrill Gorcunov <gorcunov@gmail.com>
Acked-by: default avatarTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent fdfb92ea
...@@ -6628,7 +6628,7 @@ static void iwl3945_bg_request_scan(struct work_struct *data) ...@@ -6628,7 +6628,7 @@ static void iwl3945_bg_request_scan(struct work_struct *data)
* that based on the direct_mask added to each channel entry */ * that based on the direct_mask added to each channel entry */
scan->tx_cmd.len = cpu_to_le16( scan->tx_cmd.len = cpu_to_le16(
iwl3945_fill_probe_req(priv, (struct ieee80211_mgmt *)scan->data, iwl3945_fill_probe_req(priv, (struct ieee80211_mgmt *)scan->data,
IWL_MAX_SCAN_SIZE - sizeof(scan), 0)); IWL_MAX_SCAN_SIZE - sizeof(*scan), 0));
scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK; scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK;
scan->tx_cmd.sta_id = priv->hw_setting.bcast_sta_id; scan->tx_cmd.sta_id = priv->hw_setting.bcast_sta_id;
scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE; scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
......
...@@ -7046,7 +7046,7 @@ static void iwl4965_bg_request_scan(struct work_struct *data) ...@@ -7046,7 +7046,7 @@ static void iwl4965_bg_request_scan(struct work_struct *data)
* that based on the direct_mask added to each channel entry */ * that based on the direct_mask added to each channel entry */
scan->tx_cmd.len = cpu_to_le16( scan->tx_cmd.len = cpu_to_le16(
iwl4965_fill_probe_req(priv, (struct ieee80211_mgmt *)scan->data, iwl4965_fill_probe_req(priv, (struct ieee80211_mgmt *)scan->data,
IWL_MAX_SCAN_SIZE - sizeof(scan), 0)); IWL_MAX_SCAN_SIZE - sizeof(*scan), 0));
scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK; scan->tx_cmd.tx_flags = TX_CMD_FLG_SEQ_CTL_MSK;
scan->tx_cmd.sta_id = priv->hw_setting.bcast_sta_id; scan->tx_cmd.sta_id = priv->hw_setting.bcast_sta_id;
scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE; scan->tx_cmd.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment