forked from Minki/linux
p54: Initialize extra_len in p54_tx_80211
This patch fixes a very serious off-by-one bug in the driver, which could leave the device in an unresponsive state. The problem was that the extra_len variable [used to reserve extra scratch buffer space for the firmware] was left uninitialized. Because p54_assign_address later needs the value to reserve additional space, the resulting frame could be to big for the small device's memory window and everything would immediately come to a grinding halt. Reference: https://bugs.launchpad.net/bugs/722185 Cc: <stable@kernel.org> Acked-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: Jason Conti <jason.conti@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
parent
96f372c95d
commit
a6756da9ea
@ -703,7 +703,7 @@ void p54_tx_80211(struct ieee80211_hw *dev, struct sk_buff *skb)
|
||||
struct p54_tx_info *p54info;
|
||||
struct p54_hdr *hdr;
|
||||
struct p54_tx_data *txhdr;
|
||||
unsigned int padding, len, extra_len;
|
||||
unsigned int padding, len, extra_len = 0;
|
||||
int i, j, ridx;
|
||||
u16 hdr_flags = 0, aid = 0;
|
||||
u8 rate, queue = 0, crypt_offset = 0;
|
||||
|
Loading…
Reference in New Issue
Block a user