target/linux/s3c24xx/patches-2.6.24/1289-ar6k-essid-one-and-32.patch.patch

   1 From 89e2c1f006e4d5936a8e0edec74d64b71063e3c1 Mon Sep 17 00:00:00 2001
   2 From: Werner Almesberger <werner@openmoko.org>
   3 Date: Tue, 16 Sep 2008 08:54:07 +0100
   4 Subject: [PATCH] ar6k-essid-one-and-32.patch
   5
   6 This patch allows ESSID with length 1, which were rejected because the
   7 stack assumed iwconfig used a different format in the ioctl's payload.
   8
   9 It also refuses ESSIDs longer than 31 bytes, because there is some
  10 buffer overrun issue buried somewhere else in the stack. In principle,
  11 32 bytes should be fine.
  12
  13 Open issue:
  14 - where is the 32 bytes overrun ?
  15
  16 Signed-off-by: Werner Almesberger <werner@openmoko.org>
  17 ---
  18  .../function/wlan/ar6000/ar6000/wireless_ext.c     |    9 ++++-----
  19  1 files changed, 4 insertions(+), 5 deletions(-)
  20
  21 diff --git a/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c b/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
  22 index ede8e62..56ceb2e 100644
  23 --- a/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
  24 +++ b/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
  25 @@ -264,12 +264,11 @@ ar6000_ioctl_siwessid(struct net_device *dev,
  26      }
  27
  28      /*
  29 -     * iwconfig passes a null terminated string with length including this
  30 -     * so we need to account for this
  31 +     * iwconfig passes a string with length excluding any trailing NUL.
  32 +     * FIXME: we should be able to set an ESSID of 32 bytes, yet things fall
  33 +     * over badly if we do. So we limit the ESSID to 31 bytes.
  34       */
  35 -    if (data->flags && (!data->length || (data->length == 1) ||
  36 -        ((data->length - 1) > sizeof(ar->arSsid))))
  37 -    {
  38 +    if (data->flags && (!data->length || data->length >= sizeof(ar->arSsid))) {
  39          /*
  40           * ssid is invalid
  41           */
  42 --
  43 1.5.6.5
  44