net: wireless: bcmdhd: Fix Android Bug 25662233
[linux-3.10.git] / drivers / net / wireless / bcmdhd / wl_cfg80211.c
index 8f2751c..ff584b4 100755 (executable)
@@ -1193,8 +1193,9 @@ wl_validate_wps_ie(char *wps_ie, s32 wps_ie_len, bool *pbc)
                        WL_DBG(("  attr WPS_ID_CONFIG_METHODS: %x\n", HTON16(val)));
                } else if (subelt_id == WPS_ID_DEVICE_NAME) {
                        char devname[100];
-                       memcpy(devname, subel, subelt_len);
-                       devname[subelt_len] = '\0';
+                       size_t namelen = MIN(subelt_len, sizeof(devname)-1);
+                       memcpy(devname, subel, namelen);
+                       devname[namelen] = '\0';
                        WL_DBG(("  attr WPS_ID_DEVICE_NAME: %s (len %u)\n",
                                devname, subelt_len));
                } else if (subelt_id == WPS_ID_DEVICE_PWD_ID) {
@@ -10194,9 +10195,9 @@ wl_notify_sched_scan_results(struct bcm_cfg80211 *cfg, struct net_device *ndev,
                         * scan request in the form of cfg80211_scan_request. For timebeing, create
                         * cfg80211_scan_request one out of the received PNO event.
                         */
+                       ssid[i].ssid_len = MIN(DOT11_MAX_SSID_LEN, netinfo->pfnsubnet.SSID_len);
                        memcpy(ssid[i].ssid, netinfo->pfnsubnet.SSID,
-                               netinfo->pfnsubnet.SSID_len);
-                       ssid[i].ssid_len = netinfo->pfnsubnet.SSID_len;
+                              ssid[i].ssid_len);
                        request->n_ssids++;
 
                        channel_req = netinfo->pfnsubnet.channel;