Fix a problem where incomplete scan results could be returned if the environment includes a large number of devices. Do not truncate the scan results and allow a result to contain more than IW_SCAN_MAX_DATA bytes.
Signed-off-by: David Kimdon <[EMAIL PROTECTED]> Index: wireless-dev/net/d80211/ieee80211_sta.c =================================================================== --- wireless-dev.orig/net/d80211/ieee80211_sta.c +++ wireless-dev/net/d80211/ieee80211_sta.c @@ -2753,6 +2753,10 @@ int ieee80211_sta_scan_results(struct ne spin_lock_bh(&local->sta_bss_lock); list_for_each(ptr, &local->sta_bss_list) { bss = list_entry(ptr, struct ieee80211_sta_bss, list); + if (buf + len - current_ev <= IW_EV_ADDR_LEN) { + spin_unlock_bh(&local->sta_bss_lock); + return -E2BIG; + } current_ev = ieee80211_sta_scan_result(dev, bss, current_ev, end_buf); } Index: wireless-dev/net/d80211/ieee80211_ioctl.c =================================================================== --- wireless-dev.orig/net/d80211/ieee80211_ioctl.c +++ wireless-dev/net/d80211/ieee80211_ioctl.c @@ -1998,7 +1998,7 @@ static int ieee80211_ioctl_giwscan(struc struct ieee80211_local *local = dev->ieee80211_ptr; if (local->sta_scanning) return -EAGAIN; - res = ieee80211_sta_scan_results(dev, extra, IW_SCAN_MAX_DATA); + res = ieee80211_sta_scan_results(dev, extra, data->length); if (res >= 0) { data->length = res; return 0; -- - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html