[patch 49/87] mac80211: minstrel, fix memory corruption

From: Greg KH
Date: Tue Jun 09 2009 - 06:28:47 EST

2.6.29-stable review patch. If anyone has any objections, please let us know.


From: Jiri Slaby <jirislaby@xxxxxxxxx>

commit 8e532175277d9a5eae49768ed086555081f741a7 upstream.

minstrel doesn't count max rate count in fact, since it doesn't use
a loop variable `i' and hence allocs space only for bitrates found in
the first band.

Fix it by involving the `i' as an index so that it traverses all the
bands now and finds the real max bitrate count.

Signed-off-by: Jiri Slaby <jirislaby@xxxxxxxxx>
Cc: Felix Fietkau <nbd@xxxxxxxxxxx>
Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

net/mac80211/rc80211_minstrel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -476,7 +476,7 @@ minstrel_alloc_sta(void *priv, struct ie
return NULL;

for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
- sband = hw->wiphy->bands[hw->conf.channel->band];
+ sband = hw->wiphy->bands[i];
if (sband->n_bitrates > max_rates)
max_rates = sband->n_bitrates;

