staging: rtl8723au: Check kmalloc return value and fix size of memcpy()

author Jes Sorensen <Jes.Sorensen@redhat.com>

Sat, 26 Apr 2014 16:54:49 +0000 (18:54 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 26 Apr 2014 17:16:11 +0000 (10:16 -0700)
author Jes Sorensen <Jes.Sorensen@redhat.com>
Sat, 26 Apr 2014 16:54:49 +0000 (18:54 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 26 Apr 2014 17:16:11 +0000 (10:16 -0700)
diff --git a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c

index 68991dca1cbf582d1767d35412de85b31ec82a49..3a729a0a85b53f32c6fb3380ee7fccb4d52c3da1 100644 (file)
--- a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
+++ b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
@@ -4510,7 +4510,7 @@ u8 collect_bss_info23a(struct rtw_adapter *padapter,
         }
         ie_offset -= offsetof(struct ieee80211_mgmt, u);
  
-       bssid->Length = sizeof(struct wlan_bssid_ex) - MAX_IE_SZ + length;
+       bssid->Length = offsetof(struct wlan_bssid_ex, IEs) + length;
  
         /* below is to copy the information element */
         bssid->IELength = length;
diff --git a/drivers/staging/rtl8723au/core/rtw_wlan_util.c b/drivers/staging/rtl8723au/core/rtw_wlan_util.c

index 646e468a630d4303364ad4876fc54e157e76aade..f2d77123cbc065195eccaf6188e0a251109d68c7 100644 (file)
--- a/drivers/staging/rtl8723au/core/rtw_wlan_util.c
+++ b/drivers/staging/rtl8723au/core/rtw_wlan_util.c
@@ -899,15 +899,17 @@ int rtw_check_bcn_info23a(struct rtw_adapter *Adapter,
         }
  
         bssid = (struct wlan_bssid_ex *)kzalloc(sizeof(struct wlan_bssid_ex),
-               GFP_ATOMIC);
+                                               GFP_ATOMIC);
+       if (!bssid)
+               return _FAIL;
  
         bssid->reserved = 1;
  
-       bssid->Length = sizeof(struct wlan_bssid_ex) - MAX_IE_SZ + len;
+       bssid->Length = offsetof(struct wlan_bssid_ex, IEs) + len;
  
         /* below is to copy the information element */
         bssid->IELength = len;
-       memcpy(bssid->IEs, &mgmt->u, bssid->IELength);
+       memcpy(bssid->IEs, &mgmt->u, len);
  
         /* check bw and channel offset */
         /* parsing HT_CAP_IE */
@@ -1589,9 +1591,11 @@ void update_bmc_sta_support_rate23a(struct rtw_adapter *padapter, u32 mac_id)
  
         if (pmlmeext->cur_wireless_mode & WIRELESS_11B) {
                 /*  Only B, B/G, and B/G/N AP could use CCK rate */
-               memcpy((pmlmeinfo->FW_sta_info[mac_id].SupportedRates), rtw_basic_rate_cck, 4);
+               memcpy((pmlmeinfo->FW_sta_info[mac_id].SupportedRates),
+                      rtw_basic_rate_cck, 4);
         } else {
-               memcpy((pmlmeinfo->FW_sta_info[mac_id].SupportedRates), rtw_basic_rate_ofdm, 4);
+               memcpy((pmlmeinfo->FW_sta_info[mac_id].SupportedRates),
+                      rtw_basic_rate_ofdm, 3);
         }
  }
author	Jes Sorensen <Jes.Sorensen@redhat.com>
	Sat, 26 Apr 2014 16:54:49 +0000 (18:54 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 26 Apr 2014 17:16:11 +0000 (10:16 -0700)
drivers/staging/rtl8723au/core/rtw_mlme_ext.c		patch \| blob \| history
drivers/staging/rtl8723au/core/rtw_wlan_util.c		patch \| blob \| history