From: Daniel Drake <dsd@laptop.org>
Date: Fri, 14 Jun 2013 19:24:24 +0000 (-0400)
Subject: mwifiex: fix memory corruption when unsetting multicast list
X-Git-Tag: v3.11-rc1~64^2~166^2^2~33
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6390d88529835a8ad3563fe01a5da89fa52d6db2;p=pandora-kernel.git

mwifiex: fix memory corruption when unsetting multicast list

When trying to unset a previously-set multicast list (i.e. the new list
has 0 entries), mwifiex_set_multicast_list() was calling down to
mwifiex_request_set_multicast_list() while leaving
mcast_list.num_multicast_addr as an uninitialized value.

We were arriving at mwifiex_cmd_mac_multicast_adr() which would then
proceed to do an often huge memcpy of
mcast_list.num_multicast_addr*ETH_ALEN bytes, causing memory corruption
and hard to debug crashes.

Fix this by setting mcast_list.num_multicast_addr to 0 when no multicast
list is provided. Similarly, fix up the logic in
mwifiex_request_set_multicast_list() to unset the multicast list that
was previously sent to the hardware in such cases.

Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
---

Reading git-diff-tree failed