Commit 30dd3ed ("mac80211: don't hang on to sched_scan_ies") converted sched_scan_ies to a local variable. However, since it wasn't initialized, in a case of unsupported band, sched_scan_ies.ie[] was uninitialized, and freeing it could corrupt the memory. Fix it by simply initializing sched_scan_ies to 0. Signed-off-by: Eliad Peller <eliad@xxxxxxxxxx> --- net/mac80211/scan.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 13d2329..8e9bb168 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -934,7 +934,7 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, struct cfg80211_sched_scan_request *req) { struct ieee80211_local *local = sdata->local; - struct ieee80211_sched_scan_ies sched_scan_ies; + struct ieee80211_sched_scan_ies sched_scan_ies = {}; int ret, i; mutex_lock(&local->mtx); -- 1.7.6.401.g6a319
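Review bot: The commit message should say why zero-initialising is enough. On the added declaration "struct ieee80211_sched_scan_ies sched_scan_ies = {};" in ieee80211_request_sched_scan_start(), the fix depends on the later free of sched_scan_ies.ie[] being harmless for entries that were never allocated (kfree(NULL) is a no-op). Neither the message nor the hunk's context shows that free path, so a reader cannot confirm from the patch alone that every exit reached with an unsupported band now frees only NULL or valid pointers. One sentence naming the cleanup code that walks ie[] would close that gap. Since the message identifies 30dd3ed as the commit that introduced the uninitialised local, it is also worth marking the fix for any stable tree that carries that commit.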