Arend Van Spriel <arend.vanspriel@xxxxxxxxxxxx> writes:

> On 19-7-2016 1:24, Florian Fainelli wrote:
>> struct ieee80211_rts::ra is only ETH_ALEN wide, yet we attempt to copy 2
>> * ETH_ALEN, which will potentially overrun the destination buffer.
>
> NACK - this is intentional. Have to admit it is a bit of trickery.
> struct ieee80211_rts is mapped over struct d11txh which is sent to
> hardware. The struct is used for both RTS and CTS. Transmitting CTS will
> only fill 802.11 addr2 in struct ieee80211_rts::ra. Transmitting RTS
> fills 802.11 addr1 in ra and 802.11 addr2 in ta using single memcpy().
> Not very clear, but your change is not the way to go here.

Maybe add a comment explaining that?

--
Kalle Valo
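
The layout dependency discussed in this thread, as an added example that is not part of the original messages or the driver's code: a single copy of 2 * ETH_ALEN is only safe while `ta` sits directly after `ra`, which a compile-time check can pin down. The struct `rts_frame` and the helpers `fill_rts_addrs` and `fill_cts_addr` are hypothetical names, and the field layout is an assumption based on the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN 6 /* defined locally so the example is self-contained */

/* Hypothetical mirror of the RTS/CTS layout described in the thread
 * (assumed: ra directly followed by ta). Not the kernel's definition. */
struct rts_frame {
	uint16_t frame_control;
	uint16_t duration;
	uint8_t ra[ETH_ALEN]; /* RTS: 802.11 addr1; CTS: 802.11 addr2 */
	uint8_t ta[ETH_ALEN]; /* RTS: 802.11 addr2; unused for CTS */
};

/* The 2 * ETH_ALEN copy below is only valid while ta starts where ra ends. */
_Static_assert(offsetof(struct rts_frame, ta) ==
	       offsetof(struct rts_frame, ra) + ETH_ALEN,
	       "ta must immediately follow ra");

/* RTS: addrs holds addr1 followed by addr2 (12 contiguous bytes). The
 * destination is computed from the struct base, so the copy is bounded by
 * the whole object and visibly spans both ra and ta on purpose. */
static void fill_rts_addrs(struct rts_frame *f, const uint8_t *addrs)
{
	memcpy((uint8_t *)f + offsetof(struct rts_frame, ra), addrs, 2 * ETH_ALEN);
}

/* CTS: a single address goes into ra; ta is left untouched. */
static void fill_cts_addr(struct rts_frame *f, const uint8_t *addr)
{
	memcpy(f->ra, addr, ETH_ALEN);
}

int main(void)
{
	static const uint8_t addrs[2 * ETH_ALEN] = { /* constructed sample */
		0x02, 0, 0, 0, 0, 0x01, 0x02, 0, 0, 0, 0, 0x02 };
	struct rts_frame rts = { 0 }, cts = { 0 };

	fill_rts_addrs(&rts, addrs);
	fill_cts_addr(&cts, addrs + ETH_ALEN);
	/* exit status 0 when RTS filled ta and CTS left ta zeroed */
	return memcmp(rts.ta, addrs + ETH_ALEN, ETH_ALEN) != 0 || cts.ta[0] != 0;
}
```

If a later change inserts a field between `ra` and `ta`, the build fails at the static assertion instead of the copy silently writing the second address into the wrong place.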