[stable] Patch "p54: Initialize extra_len in p54_tx_80211" has been added to the 2.6.38-stable tree

Fri, 22 Apr 2011 13:23:25 -0700 

This is a note to let you know that I've just added the patch titled

    p54: Initialize extra_len in p54_tx_80211

to the 2.6.38-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     p54-initialize-extra_len-in-p54_tx_80211.patch
and it can be found in the queue-2.6.38 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From a6756da9eace8b4af73e9dea43f1fc2889224c94 Mon Sep 17 00:00:00 2001
From: Jason Conti <[email protected]>
Date: Thu, 7 Apr 2011 21:09:57 +0200
Subject: p54: Initialize extra_len in p54_tx_80211

From: Jason Conti <[email protected]>

commit a6756da9eace8b4af73e9dea43f1fc2889224c94 upstream.

This patch fixes a very serious off-by-one bug in
the driver, which could leave the device in an
unresponsive state.

The problem was that the extra_len variable [used to
reserve extra scratch buffer space for the firmware]
was left uninitialized. Because p54_assign_address
later needs the value to reserve additional space,
the resulting frame could be to big for the small
device's memory window and everything would
immediately come to a grinding halt.

Reference: https://bugs.launchpad.net/bugs/722185

Acked-by: Christian Lamparter <[email protected]>
Signed-off-by: Jason Conti <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 drivers/net/wireless/p54/txrx.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/wireless/p54/txrx.c
+++ b/drivers/net/wireless/p54/txrx.c
@@ -705,7 +705,7 @@ int p54_tx_80211(struct ieee80211_hw *de
        struct p54_tx_info *p54info;
        struct p54_hdr *hdr;
        struct p54_tx_data *txhdr;
-       unsigned int padding, len, extra_len;
+       unsigned int padding, len, extra_len = 0;
        int i, j, ridx;
        u16 hdr_flags = 0, aid = 0;
        u8 rate, queue = 0, crypt_offset = 0;


Patches currently in stable-queue which might be from [email protected] are

queue-2.6.38/p54-initialize-extra_len-in-p54_tx_80211.patch

_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable

Reply via email to