On Fri, Aug 27, 2010 at 02:43:57PM -0700, Kees Cook wrote:
> Hi Jean,
>
> The comment should probably be clarified -- it's the caller's iwp->length
> that may be causing problems

Ha! I see. It would be for regular iwpoint queries, not for extended NOMAX queries (scan is an extended NOMAX query).

Note that I don't like the idea of reducing the mallocated size, especially with regular queries, as I know that some drivers may expect a fixed size in extra and may memcpy to it without double checking.

> Regardless, the above patch would appear to limit the copy_to_user
> to only the kzalloced region.

I'm glad you like it.

> Thanks!
>
> -Kees

Regards,

Jean