Fix a problem where incomplete scan results could be returned if the
environment includes a large number of devices. Do not truncate the
scan results and allow a result to contain more than IW_SCAN_MAX_DATA
bytes.
Signed-off-by: David Kimdon <[EMAIL PROTECTED]>
Index: wireless-dev/net/d80211/ieee80211_sta.c
===================================================================
--- wireless-dev.orig/net/d80211/ieee80211_sta.c
+++ wireless-dev/net/d80211/ieee80211_sta.c
@@ -2753,6 +2753,10 @@ int ieee80211_sta_scan_results(struct ne
spin_lock_bh(&local->sta_bss_lock);
list_for_each(ptr, &local->sta_bss_list) {
bss = list_entry(ptr, struct ieee80211_sta_bss, list);
+ if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
+ spin_unlock_bh(&local->sta_bss_lock);
+ return -E2BIG;
+ }
current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
end_buf);
}
Index: wireless-dev/net/d80211/ieee80211_ioctl.c
===================================================================
--- wireless-dev.orig/net/d80211/ieee80211_ioctl.c
+++ wireless-dev/net/d80211/ieee80211_ioctl.c
@@ -1998,7 +1998,7 @@ static int ieee80211_ioctl_giwscan(struc
struct ieee80211_local *local = dev->ieee80211_ptr;
if (local->sta_scanning)
return -EAGAIN;
- res = ieee80211_sta_scan_results(dev, extra, IW_SCAN_MAX_DATA);
+ res = ieee80211_sta_scan_results(dev, extra, data->length);
if (res >= 0) {
data->length = res;
return 0;
--
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
