summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2011-10-12 11:10:37 +0300
committerJohn W. Linville <linville@tuxdriver.com>2011-10-14 14:48:15 -0400
commitf9a703e173849425079e29e63bf960c2625e0a85 (patch)
treebebb01202223540fb20f5e4593fc6f8453188331
parentd83579e2a50ac68389e6b4c58b845c702cf37516 (diff)
iwmc3200wifi: add a range check to iwm_cfg80211_get_key()
Smatch complains that "key_index" is capped at 5 in nl80211_get_key() but iwm->keys[] only has 4 elements. I don't know if this is really needed, but the other ->get_key() implementations seemed to check for overflows so I've added a check here. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--drivers/net/wireless/iwmc3200wifi/cfg80211.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/net/wireless/iwmc3200wifi/cfg80211.c b/drivers/net/wireless/iwmc3200wifi/cfg80211.c
index ed57e4402800..c42be81e979e 100644
--- a/drivers/net/wireless/iwmc3200wifi/cfg80211.c
+++ b/drivers/net/wireless/iwmc3200wifi/cfg80211.c
@@ -187,13 +187,17 @@ static int iwm_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev,
struct key_params*))
{
struct iwm_priv *iwm = ndev_to_iwm(ndev);
- struct iwm_key *key = &iwm->keys[key_index];
+ struct iwm_key *key;
struct key_params params;
IWM_DBG_WEXT(iwm, DBG, "Getting key %d\n", key_index);
+ if (key_index >= IWM_NUM_KEYS)
+ return -ENOENT;
+
memset(&params, 0, sizeof(params));
+ key = &iwm->keys[key_index];
params.cipher = key->cipher;
params.key_len = key->key_len;
params.seq_len = key->seq_len;