[ 3.8.y.z extended stable ] Patch "Hostap: copying wrong data prism2_ioctl_giwaplist()" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Thu Aug 29 23:47:19 UTC 2013 

This is a note to let you know that I have just added a patch titled

    Hostap: copying wrong data prism2_ioctl_giwaplist()

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.8.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 026af307058b1a7185a70ac6c51f2684f3d01ab0 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter at oracle.com>
Date: Fri, 9 Aug 2013 12:52:31 +0300
Subject: Hostap: copying wrong data prism2_ioctl_giwaplist()

commit 909bd5926d474e275599094acad986af79671ac9 upstream.

We want the data stored in "addr" and "qual", but the extra ampersands
mean we are copying stack data instead.

Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 drivers/net/wireless/hostap/hostap_ioctl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/hostap/hostap_ioctl.c b/drivers/net/wireless/hostap/hostap_ioctl.c
index ac07473..e509030 100644
--- a/drivers/net/wireless/hostap/hostap_ioctl.c
+++ b/drivers/net/wireless/hostap/hostap_ioctl.c
@@ -523,9 +523,9 @@ static int prism2_ioctl_giwaplist(struct net_device *dev,

 	data->length = prism2_ap_get_sta_qual(local, addr, qual, IW_MAX_AP, 1);

-	memcpy(extra, &addr, sizeof(struct sockaddr) * data->length);
+	memcpy(extra, addr, sizeof(struct sockaddr) * data->length);
 	data->flags = 1; /* has quality information */
-	memcpy(extra + sizeof(struct sockaddr) * data->length, &qual,
+	memcpy(extra + sizeof(struct sockaddr) * data->length, qual,
 	       sizeof(struct iw_quality) * data->length);

 	kfree(addr);
--
1.8.1.2

More information about the kernel-team mailing list