[Madwifi-cvs] revision 4013 committed
From: Pavel R. <svn...@ma...> - 2009-04-28 05:00:28
Project : madwifi Revision : 4013 Author : proski (Pavel Roskin) Date : 2009-04-28 06:58:59 +0200 (Tue, 28 Apr 2009) Log Message : Fix excessive stack usage in ieee80211_ioctl_getchaninfo() Affected Files: * madwifi/branches/madwifi-dfs/net80211/ieee80211_wireless.c updated * madwifi/branches/madwifi-hal-0.10.5.6/net80211/ieee80211_wireless.c updated * madwifi/branches/madwifi-hal-0.9.30.13/net80211/ieee80211_wireless.c updated * madwifi/branches/madwifi-hal-testing/net80211/ieee80211_wireless.c updated Modified: madwifi/branches/madwifi-dfs/net80211/ieee80211_wireless.c =================================================================== --- madwifi/branches/madwifi-dfs/net80211/ieee80211_wireless.c 2009-04-28 04:56:27 UTC (rev 4012) +++ madwifi/branches/madwifi-dfs/net80211/ieee80211_wireless.c 2009-04-28 04:58:59 UTC (rev 4013) @@ -3953,11 +3953,14 @@ { struct ieee80211vap *vap = netdev_priv(dev); struct ieee80211com *ic = vap->iv_ic; - struct ieee80211req_chaninfo chans; + struct ieee80211req_chaninfo *chans; u_int8_t reported[IEEE80211_CHAN_BYTES]; /* XXX stack usage? */ int i; - memset(&chans, 0, sizeof(chans)); + chans = kzalloc(sizeof(*chans), GFP_KERNEL); + if (!chans) + return -ENOMEM; + memset(&reported, 0, sizeof(reported)); for (i = 0; i < ic->ic_nchans; i++) { const struct ieee80211_channel *c = &ic->ic_channels[i]; 
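Review bot: The temporary buffer allocated by `chans = kzalloc(sizeof(*chans), GFP_KERNEL);` gives this ioctl a new -ENOMEM failure path and an allocation that may sleep, although the function ends by copying the whole structure into `extra` anyway. Because that final `memcpy(extra, chans, sizeof(struct ieee80211req_chaninfo))` already requires `extra` to hold the full structure, the reply could be built in place with `struct ieee80211req_chaninfo *chans = (struct ieee80211req_chaninfo *)extra;` followed by `memset(chans, 0, sizeof(*chans));`, provided `extra` is suitably aligned, which the hunk does not show. If the allocation stays, the lines between this hunk and the `kfree(chans)` in the next one are not visible, so it is worth confirming that no early return there would leak the buffer. The function's signature lies outside the hunk, and the same applies to the identical first hunks for madwifi-hal-0.10.5.6, madwifi-hal-0.9.30.13 and madwifi-hal-testing.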
@@ -3981,12 +3984,14 @@ if (c1) c = c1; /* Copy the entire structure, whereas it used to just copy a few fields */ - memcpy(&chans.ic_chans[chans.ic_nchans], c, sizeof(struct ieee80211_channel)); - if (++chans.ic_nchans >= IEEE80211_CHAN_MAX) + memcpy(&chans->ic_chans[chans->ic_nchans], c, + sizeof(struct ieee80211_channel)); + if (++chans->ic_nchans >= IEEE80211_CHAN_MAX) break; } } - memcpy(extra, &chans, sizeof(struct ieee80211req_chaninfo)); + memcpy(extra, chans, sizeof(struct ieee80211req_chaninfo)); + kfree(chans); return 0; } Modified: madwifi/branches/madwifi-hal-0.10.5.6/net80211/ieee80211_wireless.c =================================================================== --- madwifi/branches/madwifi-hal-0.10.5.6/net80211/ieee80211_wireless.c 2009-04-28 04:56:27 UTC (rev 4012) +++ madwifi/branches/madwifi-hal-0.10.5.6/net80211/ieee80211_wireless.c 2009-04-28 04:58:59 UTC (rev 4013) @@ -3979,11 +3979,14 @@ { struct ieee80211vap *vap = netdev_priv(dev); struct ieee80211com *ic = vap->iv_ic; - struct ieee80211req_chaninfo chans; + struct ieee80211req_chaninfo *chans; u_int8_t reported[IEEE80211_CHAN_BYTES]; /* XXX stack usage? */ int i; - memset(&chans, 0, sizeof(chans)); + chans = kzalloc(sizeof(*chans), GFP_KERNEL); + if (!chans) + return -ENOMEM; + memset(&reported, 0, sizeof(reported)); for (i = 0; i < ic->ic_nchans; i++) { const struct ieee80211_channel *c = &ic->ic_channels[i]; 
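Review bot: In the second madwifi-dfs hunk (`@@ -3981,12 +3984,14 @@`), `memcpy(&chans->ic_chans[chans->ic_nchans], c, sizeof(struct ieee80211_channel));` still copies the complete in-kernel channel record into the ioctl reply, and the closing `memcpy(extra, chans, sizeof(struct ieee80211req_chaninfo));` writes a fixed size with no visible check on the capacity of `extra`. If `struct ieee80211_channel` contains padding or driver-internal fields (its definition is not on this page), those bytes are returned to the caller; assigning only the fields user space needs into the zeroed buffer would keep the reply bounded to intended data. A short comment at the final copy, such as `/* extra is sized by the private ioctl table to hold struct ieee80211req_chaninfo */`, would record where that guarantee comes from once it has been confirmed. The enclosing loop starts outside the hunk, and the same point applies to the matching second hunks in the other three branches.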
@@ -4007,12 +4010,14 @@ if (c1) c = c1; /* Copy the entire structure, whereas it used to just copy a few fields */ - memcpy(&chans.ic_chans[chans.ic_nchans], c, sizeof(struct ieee80211_channel)); - if (++chans.ic_nchans >= IEEE80211_CHAN_MAX) + memcpy(&chans->ic_chans[chans->ic_nchans], c, + sizeof(struct ieee80211_channel)); + if (++chans->ic_nchans >= IEEE80211_CHAN_MAX) break; } } - memcpy(extra, &chans, sizeof(struct ieee80211req_chaninfo)); + memcpy(extra, chans, sizeof(struct ieee80211req_chaninfo)); + kfree(chans); return 0; } Modified: madwifi/branches/madwifi-hal-0.9.30.13/net80211/ieee80211_wireless.c =================================================================== --- madwifi/branches/madwifi-hal-0.9.30.13/net80211/ieee80211_wireless.c 2009-04-28 04:56:27 UTC (rev 4012) +++ madwifi/branches/madwifi-hal-0.9.30.13/net80211/ieee80211_wireless.c 2009-04-28 04:58:59 UTC (rev 4013) @@ -3979,11 +3979,14 @@ { struct ieee80211vap *vap = netdev_priv(dev); struct ieee80211com *ic = vap->iv_ic; - struct ieee80211req_chaninfo chans; + struct ieee80211req_chaninfo *chans; u_int8_t reported[IEEE80211_CHAN_BYTES]; /* XXX stack usage? */ int i; - memset(&chans, 0, sizeof(chans)); + chans = kzalloc(sizeof(*chans), GFP_KERNEL); + if (!chans) + return -ENOMEM; + memset(&reported, 0, sizeof(reported)); for (i = 0; i < ic->ic_nchans; i++) { const struct ieee80211_channel *c = &ic->ic_channels[i]; 
@@ -4007,12 +4010,14 @@ if (c1) c = c1; /* Copy the entire structure, whereas it used to just copy a few fields */ - memcpy(&chans.ic_chans[chans.ic_nchans], c, sizeof(struct ieee80211_channel)); - if (++chans.ic_nchans >= IEEE80211_CHAN_MAX) + memcpy(&chans->ic_chans[chans->ic_nchans], c, + sizeof(struct ieee80211_channel)); + if (++chans->ic_nchans >= IEEE80211_CHAN_MAX) break; } } - memcpy(extra, &chans, sizeof(struct ieee80211req_chaninfo)); + memcpy(extra, chans, sizeof(struct ieee80211req_chaninfo)); + kfree(chans); return 0; } Modified: madwifi/branches/madwifi-hal-testing/net80211/ieee80211_wireless.c =================================================================== --- madwifi/branches/madwifi-hal-testing/net80211/ieee80211_wireless.c 2009-04-28 04:56:27 UTC (rev 4012) +++ madwifi/branches/madwifi-hal-testing/net80211/ieee80211_wireless.c 2009-04-28 04:58:59 UTC (rev 4013) @@ -3979,11 +3979,14 @@ { struct ieee80211vap *vap = netdev_priv(dev); struct ieee80211com *ic = vap->iv_ic; - struct ieee80211req_chaninfo chans; + struct ieee80211req_chaninfo *chans; u_int8_t reported[IEEE80211_CHAN_BYTES]; /* XXX stack usage? */ int i; - memset(&chans, 0, sizeof(chans)); + chans = kzalloc(sizeof(*chans), GFP_KERNEL); + if (!chans) + return -ENOMEM; + memset(&reported, 0, sizeof(reported)); for (i = 0; i < ic->ic_nchans; i++) { const struct ieee80211_channel *c = &ic->ic_channels[i]; @@ -4007,12 +4010,14 @@ if (c1) c = c1; /* Copy the entire structure, whereas it used to just copy a few fields */ - memcpy(&chans.ic_chans[chans.ic_nchans], c, sizeof(struct ieee80211_channel)); - if (++chans.ic_nchans >= IEEE80211_CHAN_MAX) + memcpy(&chans->ic_chans[chans->ic_nchans], c, + sizeof(struct ieee80211_channel)); + if (++chans->ic_nchans >= IEEE80211_CHAN_MAX) break; } } - memcpy(extra, &chans, sizeof(struct ieee80211req_chaninfo)); + memcpy(extra, chans, sizeof(struct ieee80211req_chaninfo)); + kfree(chans); return 0; } |