>>>>> "Jean" == Jean Tourrilhes <[email protected]> writes:
Jean> @@ -2500,9 +2501,9 @@ static int orinoco_hw_get_essid(struct o
Jean> len = le16_to_cpu(essidbuf.len);
Jean> BUG_ON(len > IW_ESSID_MAX_SIZE);
Jean>
Jean> - memset(buf, 0, IW_ESSID_MAX_SIZE+1);
Jean> + memset(buf, 0, IW_ESSID_MAX_SIZE);
Jean> memcpy(buf, p, len);
Jean> - buf[len] = '\0';
Jean> + err = len;
Jean,
something bugs me here:
- either buf is supposed to be a nul-terminated string, in which
case if p is IW_ESSID_MAX_SIZE long there may be a bug (no '\0' at
the end of buf)
- either buf is not-supposed to be nul-terminated and the length
value will always be used, in which case the memset() looks
useless
I suggest that you revert the memset() to IW_ESSID_MAX_SIZE+1 so that
the last byte is cleared as well. Or am I missing something?
Sam
--
Samuel Tardieu -- [email protected] -- http://www.rfc1149.net/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
