From: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
To: linux-wireless@vger.kernel.org
Cc: "John W. Linville" <linville@tuxdriver.com>
Subject: [PATCH 3/8] rndis_wlan: resize bssid list if too small
Date: Fri, 28 Aug 2009 12:59:00 +0300 [thread overview]
Message-ID: <20090828095900.10554.29607.stgit@fate.lan> (raw)
In-Reply-To: <20090828095849.10554.58857.stgit@fate.lan>
Buffer used for bssid list might be too small. Change rndis_query_oid()
to return required buffer length to caller and make rndis_check_bssid_list()
resize buffer when needed.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
---
drivers/net/wireless/rndis_wlan.c | 17 +++++++++++++++--
1 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
index 3779621..2309ad2 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -676,7 +676,8 @@ static int rndis_query_oid(struct usbnet *dev, __le32 oid, void *data, int *len)
if (ret == 0) {
ret = le32_to_cpu(u.get_c->len);
- *len = (*len > ret) ? ret : *len;
+ if (ret > *len)
+ *len = ret;
memcpy(data, u.buf + le32_to_cpu(u.get_c->offset) + 8, *len);
ret = rndis_error_status(u.get_c->status);
@@ -1656,6 +1657,9 @@ static struct cfg80211_bss *rndis_bss_info_update(struct usbnet *usbdev,
int ie_len, bssid_len;
u8 *ie;
+ devdbg(usbdev, " found bssid: '%.32s' [%pM]", bssid->ssid.essid,
+ bssid->mac);
+
/* parse bssid structure */
bssid_len = le32_to_cpu(bssid->length);
@@ -1695,10 +1699,12 @@ static int rndis_check_bssid_list(struct usbnet *usbdev)
struct ndis_80211_bssid_list_ex *bssid_list;
struct ndis_80211_bssid_ex *bssid;
int ret = -EINVAL, len, count, bssid_len;
+ bool resized = false;
devdbg(usbdev, "check_bssid_list");
len = CONTROL_BUFFER_SIZE;
+resize_buf:
buf = kmalloc(len, GFP_KERNEL);
if (!buf) {
ret = -ENOMEM;
@@ -1709,11 +1715,18 @@ static int rndis_check_bssid_list(struct usbnet *usbdev)
if (ret != 0)
goto out;
+ if (!resized && len > CONTROL_BUFFER_SIZE) {
+ resized = true;
+ kfree(buf);
+ goto resize_buf;
+ }
+
bssid_list = buf;
bssid = bssid_list->bssid;
bssid_len = le32_to_cpu(bssid->length);
count = le32_to_cpu(bssid_list->num_items);
- devdbg(usbdev, "check_bssid_list: %d BSSIDs found", count);
+ devdbg(usbdev, "check_bssid_list: %d BSSIDs found (buflen: %d)", count,
+ len);
while (count && ((void *)bssid + bssid_len) <= (buf + len)) {
rndis_bss_info_update(usbdev, bssid);
next prev parent reply other threads:[~2009-08-28 9:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-28 9:58 [PATCH 1/8] rndis_wlan: ignore OID_802_11_ADD_KEY triggered media connect indications Jussi Kivilinna
2009-08-28 9:58 ` [PATCH 2/8] rndis_wlan: get bssid scan list before new scan Jussi Kivilinna
2009-08-28 9:59 ` Jussi Kivilinna [this message]
2009-08-28 9:59 ` [PATCH 4/8] rndis_wlan: increase scan timer delay Jussi Kivilinna
2009-08-28 9:59 ` [PATCH 5/8] rndis_wlan: move link up/down work to separate functions Jussi Kivilinna
2009-08-28 9:59 ` [PATCH 6/8] rndis_wlan: use is_zero_ether_addr() and is_broadcast_ether_addr() Jussi Kivilinna
2009-08-28 9:59 ` [PATCH 7/8] rndis_wlan: set ieee80211_ptr->iftype in rndis_change_virtual_intf Jussi Kivilinna
2009-08-28 9:59 ` [PATCH 8/8] rndis_wlan: enable infrastructure before setting random essid Jussi Kivilinna
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090828095900.10554.29607.stgit@fate.lan \
--to=jussi.kivilinna@mbnet.fi \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).