On Thu, Jan 07, 2010 at 05:24:55PM -0500, Luis R. Rodriguez wrote: > --- a/net/wireless/reg.c > +++ b/net/wireless/reg.c > @@ -555,7 +555,7 @@ static struct ieee80211_regdomain *country_ie_2_rd( > /* 2 GHz */ > if (triplet->chans.first_channel <= 14) By the way, that looks completely bogus.. Channel number cannot be used to figure out whether this is 2.4 GHz or 5 GHz band (e.g., channel 8 is used in both). This really should be based on the band the frame with the Country IE was received. > end_channel = triplet->chans.first_channel + > - triplet->chans.num_channels; > + triplet->chans.num_channels - 1; Could be reasonable to verify that num_channels is not 0.. Based on a quick look, I did not notice places where negative end_channel value would trigger bad problems, but it would be safer to validate that the received information is valid before using it. -- Jouni Malinen PGP id EFC895FA -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
