diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2011-10-12 11:10:37 +0300 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2011-10-14 14:48:15 -0400 |
commit | f9a703e173849425079e29e63bf960c2625e0a85 (patch) | |
tree | bebb01202223540fb20f5e4593fc6f8453188331 | |
parent | d83579e2a50ac68389e6b4c58b845c702cf37516 (diff) |
iwmc3200wifi: add a range check to iwm_cfg80211_get_key()
Smatch complains that "key_index" is capped at 5 in nl80211_get_key()
but iwm->keys[] only has 4 elements. I don't know if this is really
needed, but the other ->get_key() implementations seemed to check
for overflows so I've added a check here.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- | drivers/net/wireless/iwmc3200wifi/cfg80211.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/net/wireless/iwmc3200wifi/cfg80211.c b/drivers/net/wireless/iwmc3200wifi/cfg80211.c index ed57e4402800..c42be81e979e 100644 --- a/drivers/net/wireless/iwmc3200wifi/cfg80211.c +++ b/drivers/net/wireless/iwmc3200wifi/cfg80211.c @@ -187,13 +187,17 @@ static int iwm_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, struct key_params*)) { struct iwm_priv *iwm = ndev_to_iwm(ndev); - struct iwm_key *key = &iwm->keys[key_index]; + struct iwm_key *key; struct key_params params; IWM_DBG_WEXT(iwm, DBG, "Getting key %d\n", key_index); + if (key_index >= IWM_NUM_KEYS) + return -ENOENT; + memset(¶ms, 0, sizeof(params)); + key = &iwm->keys[key_index]; params.cipher = key->cipher; params.key_len = key->key_len; params.seq_len = key->seq_len; |