mwifiex: potential corruption in mwifiex_update_uap_custom_ie()

ap_custom_ie is a struct mwifiex_ie_list which is quite different and
also larger than struct mwifiex_ie.  It's a difference between 4196
bytes and 262.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Tested-by: Stone Piao <piaoyun@marvell.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Dan Carpenter 2012-09-23 19:33:00 +03:00 committed by John W. Linville
parent 046b6802c8
commit fd0fc5218d

View File

@ -160,7 +160,7 @@ mwifiex_update_uap_custom_ie(struct mwifiex_private *priv,
u16 len;
int ret;
ap_custom_ie = kzalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
ap_custom_ie = kzalloc(sizeof(*ap_custom_ie), GFP_KERNEL);
if (!ap_custom_ie)
return -ENOMEM;