net80211 drivers: fix ieee80211_init_channels() usage

Fix out-of-bounds read (all) / write (11n capable) for drivers
that are using ieee80211_init_channels() to initialize channel list.

Tested with:
 * RTL8188EU, STA mode.
 * RTL8188CUS, STA mode.
 * WUSB54GC, HOSTAP mode.

Approved by:	adrian (mentor)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D4818

1 files changed, 5 insertions, 5 deletions

diff --git a/sys/dev/rtwn/if_rtwn.c b/sys/dev/rtwn/if_rtwn.c
index 6fedf7d..ec17cdc 100644
--- a/sys/dev/rtwn/if_rtwn.c
+++ b/sys/dev/rtwn/if_rtwn.c
@@ -251,7 +251,7 @@ rtwn_attach(device_t dev)
 	struct rtwn_softc *sc = device_get_softc(dev);
 	struct ieee80211com *ic = &sc->sc_ic;
 	uint32_t lcsr;
-	uint8_t bands;
+	uint8_t bands[howmany(IEEE80211_MODE_MAX, 8)];
 	int i, count, error, rid;
 
 	sc->sc_dev = dev;
@@ -353,10 +353,10 @@ rtwn_attach(device_t dev)
 		| IEEE80211_C_WME		/* 802.11e */
 		;
 
-	bands = 0;
-	setbit(&bands, IEEE80211_MODE_11B);
-	setbit(&bands, IEEE80211_MODE_11G);
-	ieee80211_init_channels(ic, NULL, &bands);
+	memset(bands, 0, sizeof(bands));
+	setbit(bands, IEEE80211_MODE_11B);
+	setbit(bands, IEEE80211_MODE_11G);
+	ieee80211_init_channels(ic, NULL, bands);
 
 	ieee80211_ifattach(ic);