On Thu, Dec 17, 2009 at 07:15:08AM +0800, Daniel Mack wrote: > On Wed, Dec 16, 2009 at 08:57:47AM -0800, Dan Williams wrote: > > On Wed, 2009-12-16 at 05:12 +0100, Daniel Mack wrote: > > > The libertas driver copies the SSID buffer back to the wireless core and > > > appends a trailing NULL character for termination. This is > > > > > > a) unnecessary because the buffer is allocated with kzalloc and is hence > > > already NULLed when this function is called, and > > > > > > b) for priv->curbssparams.ssid_len == 32, it writes back one byte too > > > much which causes memory corruptions. > > > > > > Fix this by removing the extra write. > > > > Acked-by: Dan Williams <dcbw@xxxxxxxxxx> > > Thanks, everyone. Who will care to pick an queue this one? Is there some reason it wouldn't be me? John -- John W. Linville Someday the world will need a hero, and you linville@xxxxxxxxxxxxx might be all we have. Be ready. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
