From patchwork Wed Dec 29 20:01:16 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vipin Mehta <vmehta@atheros.com>
X-Patchwork-Id: 439871
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id oBUMBEkp000490
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu, 30 Dec 2010 22:11:49 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752452Ab0L2UCJ (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Wed, 29 Dec 2010 15:02:09 -0500
Received: from mail.atheros.com ([12.19.149.2]:23454 "EHLO mail.atheros.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752374Ab0L2UCH (ORCPT <rfc822; linux-wireless@vger.kernel.org>);
	Wed, 29 Dec 2010 15:02:07 -0500
Received: from mail.atheros.com ([10.10.20.108]) by sidewinder.atheros.com
	for <linux-wireless@vger.kernel.org>; Wed, 29 Dec 2010 12:01:50 -0800
Received: from smtp.atheros.com (10.10.17.207) by
	SC1EXHC-02.global.atheros.com (10.10.20.111) with Microsoft SMTP
	Server (TLS) id 8.2.213.0; Wed, 29 Dec 2010 12:02:05 -0800
Received: by smtp.atheros.com (sSMTP sendmail emulation); Wed, 29 Dec 2010
	12:01:18 -0800
From: Vipin Mehta <vmehta@atheros.com>
To: <greg@kroah.com>
CC: <linux-wireless@vger.kernel.org>, <simbwa@gmail.com>, <error27@gmail.com>,
	<devel@driverdev.osuosl.org>, Vipin Mehta <vmehta@atheros.com>
Subject: [PATCH] Staging: ath6kl: fix potential buffer overflow
Date: Wed, 29 Dec 2010 12:01:16 -0800
Message-ID: <1293652876-18594-1-git-send-email-vmehta@atheros.com>
X-Mailer: git-send-email 1.6.3.3
MIME-Version: 1.0
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]);
	Thu, 30 Dec 2010 22:11:49 +0000 (UTC)


diff --git a/drivers/staging/ath6kl/miscdrv/ar3kps/ar3kpsconfig.c b/drivers/staging/ath6kl/miscdrv/ar3kps/ar3kpsconfig.c
index 0e298db..29b8ab4 100644
--- a/drivers/staging/ath6kl/miscdrv/ar3kps/ar3kpsconfig.c
+++ b/drivers/staging/ath6kl/miscdrv/ar3kps/ar3kpsconfig.c
@@ -360,8 +360,8 @@ int PSSendOps(void *arg)
         	status = 1;
         	goto complete;
     	}
-        len = (firmware->size > MAX_BDADDR_FORMAT_LENGTH)? MAX_BDADDR_FORMAT_LENGTH: firmware->size;
-	memcpy(config_bdaddr, firmware->data,len);
+	len = min(firmware->size, MAX_BDADDR_FORMAT_LENGTH - 1);
+	memcpy(config_bdaddr, firmware->data, len);
 	config_bdaddr[len] = '\0';
 	write_bdaddr(hdev,config_bdaddr,BDADDR_TYPE_STRING);
        	A_RELEASE_FIRMWARE(firmware);