projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ba36d10)
staging: wilc1000: fix infinite loop and out-of-bounds access
authorGustavo A. R. Silva <gustavo@embeddedor.com>
Mon, 30 Apr 2018 12:50:40 +0000 (07:50 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 3 May 2018 20:55:51 +0000 (13:55 -0700)
If i < slot_id is initially true then it will remain true. Also,
as i is being decremented it will end up accessing memory out of
bounds.

Fix this by incrementing *i* instead of decrementing it.

Addresses-Coverity-ID: 1468454 ("Infinite loop")
Fixes: faa657641081 ("staging: wilc1000: refactor scan() to free kmalloc memory on failure cases")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/wilc1000/wilc_wfi_cfgoperations.c patch | blob | history

diff --git a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
index 92322d6f061d2280ed261bd24037d0c83a15138f..d6401a04fe3f2980d386c70c7f25648ecf3b5bad 100644 (file)
--- a/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
+++ b/drivers/staging/wilc1000/wilc_wfi_cfgoperations.c
@@ -608,7 +608,7 @@ wilc_wfi_cfg_alloc_fill_ssid(struct cfg80211_scan_request *request,
 
 out_free:
 
-       for (i = 0; i < slot_id ; i--)
+       for (i = 0; i < slot_id; i++)
                kfree(ntwk->net_info[i].ssid);
 
        kfree(ntwk->net_info);
John Crispins staging tree