Commit 848ce511 authored by Malcolm Priestley's avatar Malcolm Priestley Committed by Greg Kroah-Hartman

staging: vt6656: iwctl_giwaplist/device_ioctl : use off stack buffers.

Calls ioctl SIOCGIWAPLIST use off stack buffers.

clears up warning messages.
main_usb.c:2015:1: warning: the frame size of 1888 bytes is larger than 1024 bytes [-Wframe-larger-than=]
iwctl.c:683:1: warning: the frame size of 1280 bytes is larger than 1024 bytes [-Wframe-larger-than=]
Signed-off-by: default avatarMalcolm Priestley <tvboxspy@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent b87ea759
...@@ -632,47 +632,56 @@ int iwctl_giwap(struct net_device *dev, struct iw_request_info *info, ...@@ -632,47 +632,56 @@ int iwctl_giwap(struct net_device *dev, struct iw_request_info *info,
* Wireless Handler: get ap list * Wireless Handler: get ap list
*/ */
int iwctl_giwaplist(struct net_device *dev, struct iw_request_info *info, int iwctl_giwaplist(struct net_device *dev, struct iw_request_info *info,
struct iw_point *wrq, char *extra) struct iw_point *wrq, u8 *extra)
{ {
struct sockaddr *sock;
struct iw_quality *qual;
PSDevice pDevice = netdev_priv(dev);
PSMgmtObject pMgmt = &pDevice->sMgmtObj;
PKnownBSS pBSS = &pMgmt->sBSSList[0];
int ii; int ii;
int jj; int jj;
int rc = 0;
struct sockaddr sock[IW_MAX_AP];
struct iw_quality qual[IW_MAX_AP];
PSDevice pDevice = netdev_priv(dev);
PSMgmtObject pMgmt = &(pDevice->sMgmtObj);
DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO " SIOCGIWAPLIST \n"); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO " SIOCGIWAPLIST\n");
// Only super-user can see AP list /* Only super-user can see AP list */
if (!capable(CAP_NET_ADMIN)) { if (pBSS == NULL)
rc = -EPERM; return -ENODEV;
return rc;
}
if (wrq->pointer) { if (!capable(CAP_NET_ADMIN))
PKnownBSS pBSS = &(pMgmt->sBSSList[0]); return -EPERM;
for (ii = 0, jj= 0; ii < MAX_BSS_NUM; ii++) { if (!wrq->pointer)
pBSS = &(pMgmt->sBSSList[ii]); return -EINVAL;
if (!pBSS->bActive)
sock = kzalloc(sizeof(struct sockaddr) * IW_MAX_AP, GFP_KERNEL);
qual = kzalloc(sizeof(struct iw_quality) * IW_MAX_AP, GFP_KERNEL);
if (sock == NULL || qual == NULL)
return -ENOMEM;
for (ii = 0, jj = 0; ii < MAX_BSS_NUM; ii++) {
if (!pBSS[ii].bActive)
continue; continue;
if (jj >= IW_MAX_AP) if (jj >= IW_MAX_AP)
break; break;
memcpy(sock[jj].sa_data, pBSS->abyBSSID, 6); memcpy(sock[jj].sa_data, pBSS[ii].abyBSSID, 6);
sock[jj].sa_family = ARPHRD_ETHER; sock[jj].sa_family = ARPHRD_ETHER;
qual[jj].level = pBSS->uRSSI; qual[jj].level = pBSS[ii].uRSSI;
qual[jj].qual = qual[jj].noise = 0; qual[jj].qual = qual[jj].noise = 0;
qual[jj].updated = 2; qual[jj].updated = 2;
jj++; jj++;
} }
wrq->flags = 1; // Should be defined wrq->flags = 1; /* Should be defined */
wrq->length = jj; wrq->length = jj;
memcpy(extra, sock, sizeof(struct sockaddr) * jj); memcpy(extra, sock, sizeof(struct sockaddr) * jj);
memcpy(extra + sizeof(struct sockaddr) * jj, qual, sizeof(struct iw_quality) * jj); memcpy(extra + sizeof(struct sockaddr) * jj, qual,
} sizeof(struct iw_quality) * jj);
return rc;
kfree(sock);
kfree(qual);
return 0;
} }
/* /*
......
...@@ -1556,11 +1556,11 @@ static struct net_device_stats *device_get_stats(struct net_device *dev) { ...@@ -1556,11 +1556,11 @@ static struct net_device_stats *device_get_stats(struct net_device *dev) {
static int device_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) { static int device_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) {
PSDevice pDevice = (PSDevice)netdev_priv(dev); PSDevice pDevice = (PSDevice)netdev_priv(dev);
PSMgmtObject pMgmt = &(pDevice->sMgmtObj); PSMgmtObject pMgmt = &pDevice->sMgmtObj;
PSCmdRequest pReq; PSCmdRequest pReq;
//BOOL bCommit = FALSE; u8 *buffer;
struct iwreq *wrq = (struct iwreq *) rq; struct iwreq *wrq = (struct iwreq *) rq;
int rc =0; int rc = 0;
if (pMgmt == NULL) { if (pMgmt == NULL) {
rc = -EFAULT; rc = -EFAULT;
...@@ -1797,19 +1797,27 @@ static int device_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) { ...@@ -1797,19 +1797,27 @@ static int device_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) {
break; break;
case SIOCGIWAPLIST: case SIOCGIWAPLIST:
{
char buffer[IW_MAX_AP * (sizeof(struct sockaddr) + sizeof(struct iw_quality))];
if (wrq->u.data.pointer) { if (wrq->u.data.pointer) {
rc = iwctl_giwaplist(dev, NULL, &(wrq->u.data), buffer); buffer = kzalloc((sizeof(struct sockaddr) +
if (rc == 0) { sizeof(struct iw_quality)) * IW_MAX_AP,
if (copy_to_user(wrq->u.data.pointer, GFP_KERNEL);
buffer, if (buffer == NULL) {
(wrq->u.data.length * (sizeof(struct sockaddr) + sizeof(struct iw_quality))) rc = -ENOMEM;
)) break;
rc = -EFAULT;
} }
rc = iwctl_giwaplist(dev, NULL, &(wrq->u.data), buffer);
if (rc < 0) {
kfree(buffer);
break;
} }
if (copy_to_user(wrq->u.data.pointer, buffer,
wrq->u.data.length * (sizeof(struct sockaddr)
+ sizeof(struct iw_quality))))
rc = -EFAULT;
kfree(buffer);
} }
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment