dect
/
linux-2.6
Archived
13
0
Fork 0
Code Releases Activity

mac80211: fix scan band off-by-one error 

When checking for the next band to advance to, there
was an off-by-one error that could lead to an access
to an invalid array index. Additionally, the later
check for scan_band >= IEEE80211_NUM_BANDS is not
required since that will never be true.

This also improves the comments related to that code.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Johannes Berg 2008-01-28 17:08:56 +01:00 committed by John W. Linville
parent ee688b000d
commit 69d464d593
1 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
net/mac80211/ieee80211_sta.c
View File

@ -3412,22 +3412,28 @@ void ieee80211_sta_scan_work(struct work_struct *work)
switch (local->scan_state) { switch (local->scan_state) {
case SCAN_SET_CHANNEL: case SCAN_SET_CHANNEL:
/* get current scan band */ /*
* Get current scan band. scan_band may be IEEE80211_NUM_BANDS
* after we successfully scanned the last channel of the last
* band (and the last band is supported by the hw)
*/
if (local->scan_band < IEEE80211_NUM_BANDS) if (local->scan_band < IEEE80211_NUM_BANDS)
sband = local->hw.wiphy->bands[local->scan_band]; sband = local->hw.wiphy->bands[local->scan_band];
else else
sband = NULL; sband = NULL;
/* if we started at an unsupported one, advance */ /*
while (!sband && local->scan_band < IEEE80211_NUM_BANDS) { * If we are at an unsupported band and have more bands
* left to scan, advance to the next supported one.
*/
while (!sband && local->scan_band < IEEE80211_NUM_BANDS - 1) {
local->scan_band++; local->scan_band++;
sband = local->hw.wiphy->bands[local->scan_band]; sband = local->hw.wiphy->bands[local->scan_band];
local->scan_channel_idx = 0; local->scan_channel_idx = 0;
} }
if (!sband || /* if no more bands/channels left, complete scan */
(local->scan_channel_idx >= sband->n_channels && if (!sband || local->scan_channel_idx >= sband->n_channels) {
local->scan_band >= IEEE80211_NUM_BANDS)) {
ieee80211_scan_completed(local_to_hw(local)); ieee80211_scan_completed(local_to_hw(local));
return; return;
} }
@ -3449,8 +3455,14 @@ void ieee80211_sta_scan_work(struct work_struct *work)
} }
} }
/* advance state machine to next channel/band */
local->scan_channel_idx++; local->scan_channel_idx++;
if (local->scan_channel_idx >= sband->n_channels) { if (local->scan_channel_idx >= sband->n_channels) {
/*
* scan_band may end up == IEEE80211_NUM_BANDS, but
* we'll catch that case above and complete the scan
* if that is the case.
*/
local->scan_band++; local->scan_band++;
local->scan_channel_idx = 0; local->scan_channel_idx = 0;
} }