This is a note to let you know that I've just added the patch titled
mwifiex: limit channel number not to overflow memory
to the 3.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mwifiex-limit-channel-number-not-to-overflow-memory.patch
and it can be found in the queue-3.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 901ceba4e81e9dd6b4a3c4c37ee22000a6c5c65f Mon Sep 17 00:00:00 2001
From: Stone Piao <piaoyun@xxxxxxxxxxx>
Date: Fri, 29 Mar 2013 19:21:21 -0700
Subject: mwifiex: limit channel number not to overflow memory
From: Stone Piao <piaoyun@xxxxxxxxxxx>
commit 901ceba4e81e9dd6b4a3c4c37ee22000a6c5c65f upstream.
Limit the channel number in scan request, or the driver scan
config structure memory will be overflowed.
Signed-off-by: Stone Piao <piaoyun@xxxxxxxxxxx>
Signed-off-by: Bing Zhao <bzhao@xxxxxxxxxxx>
Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/wireless/mwifiex/cfg80211.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -1846,7 +1846,8 @@ mwifiex_cfg80211_scan(struct wiphy *wiph
}
}
- for (i = 0; i < request->n_channels; i++) {
+ for (i = 0; i < min_t(u32, request->n_channels,
+ MWIFIEX_USER_SCAN_CHAN_MAX); i++) {
chan = request->channels[i];
priv->user_scan_cfg->chan_list[i].chan_number = chan->hw_value;
priv->user_scan_cfg->chan_list[i].radio_type = chan->band;
Patches currently in stable-queue which might be from piaoyun@xxxxxxxxxxx are
queue-3.8/mwifiex-limit-channel-number-not-to-overflow-memory.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html