airo: airo_get_encode{,ext} potential buffer overflow
commitaedec9226809ae9d1972f8f8079fc70206ee7a88
authorJohn W. Linville <linville@tuxdriver.com>
Mon, 4 May 2009 15:18:57 +0000 (4 11:18 -0400)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 11 May 2009 19:07:01 +0000 (11 15:07 -0400)
tree21e003e44b23d5b780e3da8431098e955851948a
parente1cc1c578055d20d36e084e324001fb5e0355a71
airo: airo_get_encode{,ext} potential buffer overflow

Feeding the return code of get_wep_key directly to the length parameter
of memcpy is a bad idea since it could be -1...

Reported-by: Eugene Teo <eugeneteo@kernel.sg>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/airo.c