openwrt/target/linux/s3c24xx/patches-2.6.24/1289-ar6k-essid-one-and-32.patch.patch

45 lines
1.7 KiB
Diff

From 89e2c1f006e4d5936a8e0edec74d64b71063e3c1 Mon Sep 17 00:00:00 2001
From: Werner Almesberger <werner@openmoko.org>
Date: Tue, 16 Sep 2008 08:54:07 +0100
Subject: [PATCH] ar6k-essid-one-and-32.patch
This patch allows ESSID with length 1, which were rejected because the
stack assumed iwconfig used a different format in the ioctl's payload.
It also refuses ESSIDs longer than 31 bytes, because there is some
buffer overrun issue buried somewhere else in the stack. In principle,
32 bytes should be fine.
Open issue:
- where is the 32 bytes overrun ?
Signed-off-by: Werner Almesberger <werner@openmoko.org>
---
.../function/wlan/ar6000/ar6000/wireless_ext.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c b/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
index ede8e62..56ceb2e 100644
--- a/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
+++ b/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
@@ -264,12 +264,11 @@ ar6000_ioctl_siwessid(struct net_device *dev,
}
/*
- * iwconfig passes a null terminated string with length including this
- * so we need to account for this
+ * iwconfig passes a string with length excluding any trailing NUL.
+ * FIXME: we should be able to set an ESSID of 32 bytes, yet things fall
+ * over badly if we do. So we limit the ESSID to 31 bytes.
*/
- if (data->flags && (!data->length || (data->length == 1) ||
- ((data->length - 1) > sizeof(ar->arSsid))))
- {
+ if (data->flags && (!data->length || data->length >= sizeof(ar->arSsid))) {
/*
* ssid is invalid
*/
--
1.5.6.5