staging/rtl8192e: userspace ptr deref + incorrect declarations

. userspace pointer dereference ;

These issues have been fixed by a concurrent patch:
. missing inclusions of needed header files (fixed by concurrent patch);
. unrequired static function declaration (confusing another *.c file).

Signed-off-by: Dominique van den Broeck <domdevlin@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
index de7609716435dbb760532d612d4747468235cb83..52870041fcb7fb7d025b8e8f84ade246d9ebe3ac 100644 (file)
--- a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
+++ b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
@@ -1131,11 +1131,18 @@ static int r8192_wx_set_PromiscuousMode(struct net_device *dev,
        struct r8192_priv *priv = rtllib_priv(dev);
        struct rtllib_device *ieee = priv->rtllib;
 
-       u32 *info_buf = (u32 *)(wrqu->data.pointer);
+       u32 info_buf[3];
 
-       u32 oid = info_buf[0];
-       u32 bPromiscuousOn = info_buf[1];
-       u32 bFilterSourceStationFrame = info_buf[2];
+       u32 oid;
+       u32 bPromiscuousOn;
+       u32 bFilterSourceStationFrame;
+
+       if (copy_from_user(info_buf, wrqu->data.pointer, sizeof(info_buf)))
+               return -EFAULT;
+
+       oid = info_buf[0];
+       bPromiscuousOn = info_buf[1];
+       bFilterSourceStationFrame = info_buf[2];
 
        if (OID_RT_INTEL_PROMISCUOUS_MODE == oid) {
                ieee->IntelPromiscuousModeInfo.bPromiscuousOn =