From ebb7c533b351000ceb8c099d5049fc34bf891ec5 Mon Sep 17 00:00:00 2001
From: Werner Almesberger
Date: Wed, 19 Nov 2008 17:10:52 +0000
Subject: ar6k-essid-one-and-32.patch
This patch allows ESSID with length 1, which were rejected because the stack assumed iwconfig used a different format in the ioctl's payload. It also refuses ESSIDs longer than 31 bytes, because there is some buffer overrun issue buried somewhere else in the stack. In principle, 32 bytes should be fine. Open issue: - where is the 32 bytes overrun ?
Signed-off-by: Werner Almesberger
---
drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'drivers/sdio/function/wlan')
diff --git a/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c b/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
index 680cf90f364..ab4d21b1f8c 100644
--- a/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
+++ b/drivers/sdio/function/wlan/ar6000/ar6000/wireless_ext.c
@@ -272,12 +272,11 @@ ar6000_ioctl_siwessid(struct net_device *dev,
 }
 /*
- * iwconfig passes a null terminated string with length including this
- * so we need to account for this
+ * iwconfig passes a string with length excluding any trailing NUL.
+ * FIXME: we should be able to set an ESSID of 32 bytes, yet things fall
+ * over badly if we do. So we limit the ESSID to 31 bytes.
 */
- if (data->flags && (!data->length || (data->length == 1) ||
- ((data->length - 1) > sizeof(ar->arSsid))))
- {
+ if (data->flags && (!data->length || data->length >= sizeof(ar->arSsid))) {
 /*
 * ssid is invalid
 */
--
cgit v1.2.3
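Review bot: The new bound `data->length >= sizeof(ar->arSsid)` is a workaround for an overrun that the commit message says has not been located, so the 31-byte cap masks a memory-safety bug rather than fixing it, and nothing in the hunk shows that 31 bytes is actually safe. The FIXME should say so explicitly, for example `FIXME: a 32-byte ESSID overruns a buffer elsewhere in the stack (not yet located); the 31-byte cap is a workaround`, so the limit is not relaxed before the overrun is found. The check is also skipped whenever `data->flags` is zero; the rest of ar6000_ioctl_siwessid lies outside the hunk, so confirm that no later copy into `ar->arSsid` uses `data->length` on that path. If older wireless tools still pass a length that includes the trailing NUL, as the removed comment suggests, the terminator would now presumably be counted as part of the ESSID.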