nl80211: fix MAC address validation MAC addresses have a fixed length. The current policy allows passing < ETH_ALEN bytes, which might result in reading beyond the buffer. Cc: stable@vger.kernel.org Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>

commit: e007b857e88097c96c45620bf3b04a4e309053d1 [log] [tgz]
author: Eliad Peller <eliad@wizery.com> Thu Nov 24 18:13:56 2011 +0200
committer: John W. Linville <linville@tuxdriver.com> Mon Nov 28 13:46:40 2011 -0500
tree: 3ebc3353b33539c33e50335c9391f8727e826614
parent: 82e5fc2a34fa9ffea38f00c4066b7e600a0ca5e6 [diff] [blame]
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index b3a476f..ffafda5 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c

@@ -89,8 +89,8 @@
 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
 
-	[NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
-	[NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
+	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
+	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
 
 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
commit	e007b857e88097c96c45620bf3b04a4e309053d1	[log] [tgz]
author	Eliad Peller <eliad@wizery.com>	Thu Nov 24 18:13:56 2011 +0200
committer	John W. Linville <linville@tuxdriver.com>	Mon Nov 28 13:46:40 2011 -0500
tree	3ebc3353b33539c33e50335c9391f8727e826614
parent	82e5fc2a34fa9ffea38f00c4066b7e600a0ca5e6 [diff] [blame]