diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2009-08-07 17:54:07 +0200 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2009-08-14 09:13:44 -0400 |
commit | 5ba63533bbf653631faab60f6988506160ec6ba4 (patch) | |
tree | 8d9ef2670cd3b2f50fe3581820fba5aca365634d /net/wireless | |
parent | ad5351db89681515681c5d5659ddf4c69e3cc6f5 (diff) | |
download | op-kernel-dev-5ba63533bbf653631faab60f6988506160ec6ba4.zip op-kernel-dev-5ba63533bbf653631faab60f6988506160ec6ba4.tar.gz |
cfg80211: fix alignment problem in scan request
The memory layout for scan requests was rather wrong,
we put the scan SSIDs before the channels which could
lead to the channel pointers being unaligned in memory.
It turns out that using a pointer to the channel array
isn't necessary anyway since we can embed a zero-length
array into the struct.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless')
-rw-r--r-- | net/wireless/nl80211.c | 3 | ||||
-rw-r--r-- | net/wireless/scan.c | 4 | ||||
-rw-r--r-- | net/wireless/sme.c | 3 |
3 files changed, 4 insertions, 6 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index b3d5c1d..667a87d 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3002,10 +3002,9 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) goto out; } - request->channels = (void *)((char *)request + sizeof(*request)); request->n_channels = n_channels; if (n_ssids) - request->ssids = (void *)(request->channels + n_channels); + request->ssids = (void *)&request->channels[n_channels]; request->n_ssids = n_ssids; if (ie_len) { if (request->ssids) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 1bcb131..e6c1f11 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -612,8 +612,8 @@ int cfg80211_wext_siwscan(struct net_device *dev, creq->wiphy = wiphy; creq->dev = dev; - creq->ssids = (void *)(creq + 1); - creq->channels = (void *)(creq->ssids + 1); + /* SSIDs come after channels */ + creq->ssids = (void *)&creq->channels[n_channels]; creq->n_channels = n_channels; creq->n_ssids = 1; diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 104b33e..8e2ef54 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -65,7 +65,6 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev) if (!request) return -ENOMEM; - request->channels = (void *)((char *)request + sizeof(*request)); if (wdev->conn->params.channel) request->channels[0] = wdev->conn->params.channel; else { @@ -82,7 +81,7 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev) } } request->n_channels = n_channels; - request->ssids = (void *)(request->channels + n_channels); + request->ssids = (void *)&request->channels[n_channels]; request->n_ssids = 1; memcpy(request->ssids[0].ssid, wdev->conn->params.ssid, |