iwlwifi: Sanity check for sta_id
authorWey-Yi Guy <wey-yi.w.guy@intel.com>
Fri, 6 Jan 2012 21:16:28 +0000 (13:16 -0800)
committerJohn W. Linville <linville@tuxdriver.com>
Tue, 24 Jan 2012 19:08:35 +0000 (14:08 -0500)
On my testing, I saw some strange behavior

[  421.739708] iwlwifi 0000:01:00.0: ACTIVATE a non DRIVER active station id 148 addr 00:00:00:00:00:00
[  421.739719] iwlwifi 0000:01:00.0: iwl_sta_ucode_activate Added STA id 148 addr 00:00:00:00:00:00 to uCode

not sure how it happen, but adding the sanity check to prevent memory
corruption

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/iwlwifi/iwl-agn-sta.c

index 7353826095f110a8766d6c1a4425a71c49ba8a91..8d4353a42568f70bdfadefe5265f95cf48b8b954 100644 (file)
 #include "iwl-trans.h"
 
 /* priv->shrd->sta_lock must be held */
-static void iwl_sta_ucode_activate(struct iwl_priv *priv, u8 sta_id)
+static int iwl_sta_ucode_activate(struct iwl_priv *priv, u8 sta_id)
 {
-
+       if (sta_id >= IWLAGN_STATION_COUNT) {
+               IWL_ERR(priv, "invalid sta_id %u", sta_id);
+               return -EINVAL;
+       }
        if (!(priv->stations[sta_id].used & IWL_STA_DRIVER_ACTIVE))
                IWL_ERR(priv, "ACTIVATE a non DRIVER active station id %u "
                        "addr %pM\n",
@@ -53,6 +56,7 @@ static void iwl_sta_ucode_activate(struct iwl_priv *priv, u8 sta_id)
                IWL_DEBUG_ASSOC(priv, "Added STA id %u addr %pM to uCode\n",
                                sta_id, priv->stations[sta_id].sta.sta.addr);
        }
+       return 0;
 }
 
 static int iwl_process_add_sta_resp(struct iwl_priv *priv,
@@ -77,8 +81,7 @@ static int iwl_process_add_sta_resp(struct iwl_priv *priv,
        switch (pkt->u.add_sta.status) {
        case ADD_STA_SUCCESS_MSK:
                IWL_DEBUG_INFO(priv, "REPLY_ADD_STA PASSED\n");
-               iwl_sta_ucode_activate(priv, sta_id);
-               ret = 0;
+               ret = iwl_sta_ucode_activate(priv, sta_id);
                break;
        case ADD_STA_NO_ROOM_IN_TABLE:
                IWL_ERR(priv, "Adding station %d failed, no room in table.\n",