c1f8ca1d837148bf061d6ffa2038366e3cf0e4d7 - fp2-dev/kernel/msm

commit	c1f8ca1d837148bf061d6ffa2038366e3cf0e4d7	[log] [tgz]
author	Jussi Kivilinna <jussi.kivilinna@mbnet.fi>	Sun Nov 22 20:16:42 2009 +0200
committer	John W. Linville <linville@tuxdriver.com>	Mon Nov 23 17:05:40 2009 -0500
tree	99fca98ff500fedf95d68a0c6ae3772490d0d9ce
parent	841507f5c1a5d2f196afb12e95eb11914f029832 [diff]

rndis_wlan: fix buffer overflow in rndis_query_oid

rndis_query_oid overwrites *len which stores buffer size to return full size
of received command and then uses *len with memcpy to fill buffer with
command.

Ofcourse memcpy should be done before replacing buffer size.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

drivers/net/wireless/rndis_wlan.c[diff]

1 file changed

tree: 99fca98ff500fedf95d68a0c6ae3772490d0d9ce