From b664312285eb6bb9378159f2fea02e39886a7012 Mon Sep 17 00:00:00 2001
From: Rohit Sarkar <rohitsarkar5398@gmail.com>
Date: Wed, 2 Oct 2019 22:35:19 +0530
Subject: [PATCH] staging: rtl8712: fix boundary condition for n
Git-commit: b664312285eb6bb9378159f2fea02e39886a7012
Patch-mainline: v5.5-rc1
References: jsc#SLE-13430
Now that snprintf is replaced by scnprintf n >= MAX_WPA_IE_LEN doesn't
make sense as the maximum value n can take is MAX_WPA_IE_LEN.
Signed-off-by: Rohit Sarkar <rohitsarkar5398@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20191002170518.GA1688@SARKAR
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Takashi Iwai <tiwai@suse.de>
---
drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
index b3263e953f05..363b82e3e7c6 100644
--- a/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
+++ b/drivers/staging/rtl8712/rtl871x_ioctl_linux.c
@@ -144,7 +144,7 @@ static noinline_for_stack char *translate_scan_wpa(struct iw_request_info *info,
for (i = 0; i < wpa_len; i++) {
n += scnprintf(buf + n, MAX_WPA_IE_LEN - n,
"%02x", wpa_ie[i]);
- if (n >= MAX_WPA_IE_LEN)
+ if (n == MAX_WPA_IE_LEN-1)
break;
}
memset(iwe, 0, sizeof(*iwe));
@@ -164,7 +164,7 @@ static noinline_for_stack char *translate_scan_wpa(struct iw_request_info *info,
for (i = 0; i < rsn_len; i++) {
n += scnprintf(buf + n, MAX_WPA_IE_LEN - n,
"%02x", rsn_ie[i]);
- if (n >= MAX_WPA_IE_LEN)
+ if (n == MAX_WPA_IE_LEN-1)
break;
}
memset(iwe, 0, sizeof(*iwe));
--
2.16.4