@@ -312,17 +312,11 @@ struct ndis_80211_assoc_info {
__le32 offset_resp_ies;
} __packed;
-struct ndis_80211_auth_encr_pair {
- __le32 auth_mode;
- __le32 encr_mode;
-} __packed;
-
struct ndis_80211_capability {
__le32 length;
__le32 version;
__le32 num_pmkids;
__le32 num_auth_encr_pair;
- struct ndis_80211_auth_encr_pair auth_encr_pair[0];
} __packed;
struct ndis_80211_bssid_info {
@@ -3109,8 +3103,7 @@ static int rndis_wlan_get_caps(struct usbnet *usbdev, struct wiphy *wiphy)
__le32 num_items;
__le32 items[8];
} networks_supported;
- struct ndis_80211_capability *caps;
- u8 caps_buf[sizeof(*caps) + sizeof(caps->auth_encr_pair) * 16];
+ struct ndis_80211_capability caps;
int len, retval, i, n;
struct rndis_wlan_private *priv = get_rndis_wlan_priv(usbdev);
@@ -3140,19 +3133,18 @@ static int rndis_wlan_get_caps(struct usbnet *usbdev, struct wiphy *wiphy)
}
/* get device 802.11 capabilities, number of PMKIDs */
- caps = (struct ndis_80211_capability *)caps_buf;
- len = sizeof(caps_buf);
+ len = sizeof(caps);
retval = rndis_query_oid(usbdev,
RNDIS_OID_802_11_CAPABILITY,
- caps, &len);
+ &caps, &len);
if (retval >= 0) {
netdev_dbg(usbdev->net, "RNDIS_OID_802_11_CAPABILITY -> len %d, "
"ver %d, pmkids %d, auth-encr-pairs %d\n",
- le32_to_cpu(caps->length),
- le32_to_cpu(caps->version),
- le32_to_cpu(caps->num_pmkids),
- le32_to_cpu(caps->num_auth_encr_pair));
- wiphy->max_num_pmkids = le32_to_cpu(caps->num_pmkids);
+ le32_to_cpu(caps.length),
+ le32_to_cpu(caps.version),
+ le32_to_cpu(caps.num_pmkids),
+ le32_to_cpu(caps.num_auth_encr_pair));
+ wiphy->max_num_pmkids = le32_to_cpu(caps.num_pmkids);
} else
wiphy->max_num_pmkids = 0;
caps_buf is always of size sizeof(*caps) because sizeof(caps->auth_encr_pair) * 16 is always zero. Notice that when using zero-length arrays, sizeof evaluates to zero[1]. So, the code introduced by commit 0308383f9591 ("rndis_wlan: get max_num_pmkids from device") is logically dead, hence is never executed and can be removed. As a consequence, the rest of the related code can be refactored a bit. Notice that this code has been out there since March 2010. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> --- In case this is actually a 10-year old bug, then we might want calculate the size of caps_buf through the use of the struct_size helper: struct_size(caps, auth_encr_pair, 16); and we might also want to allocate dynamic memory instead, as we cannot do u8 caps_buf[struct_size(caps, auth_encr_pair, 16)]; due to -Wvla. Thanks -- Gustavo drivers/net/wireless/rndis_wlan.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-)