Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1c7e4a7c authored by Dan Carpenter's avatar Dan Carpenter Committed by Greg Kroah-Hartman
Browse files

Staging: otus: off by one in usbdrvwext_siwessid() 



A 33 char ESSID is too long and it could cause a buffer overflow
a couple lines below when we put a NULL terminator on the end.

Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent ed300132

drivers/staging/otus/ioctl.c

+1 −1
Original line number Diff line number Diff line
@@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev, 
		return -EINVAL;



	if (essid->flags == 1) {

		if (essid->length > (IW_ESSID_MAX_SIZE + 1))

		if (essid->length > IW_ESSID_MAX_SIZE)

			return -E2BIG;



		if (copy_from_user(&EssidBuf, essid->pointer, essid->length))