Patchwork [3.5.y.z,extended,stable] Patch "mac80211: fix SSID copy on IBSS JOIN" has been added to staging queue

Submitter Herton Ronaldo Krzesinski
Date Dec. 5, 2012, 10:29 p.m.
Message ID <>
Herton Ronaldo Krzesinski - Dec. 5, 2012, 10:29 p.m.
This is a note to let you know that I have just added a patch titled

    mac80211: fix SSID copy on IBSS JOIN

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see



From 29c54281f1f69c88924ebbe2a70d5b67e2aa2567 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <>
Date: Fri, 26 Oct 2012 18:54:25 +0200
Subject: [PATCH] mac80211: fix SSID copy on IBSS JOIN
X-Extended-Stable: 3.5

commit badecb001a310408d3473b1fc2ed5aefd0bc92a9 upstream.

The 'ssid' field of the cfg80211_ibss_params is a u8 pointer and
its length is likely to be less than IEEE80211_MAX_SSID_LEN most
of the time.

This patch fixes the ssid copy in ieee80211_ibss_join() by using
the SSID length to prevent it from reading beyond the string.

Signed-off-by: Antonio Quartulli <>
[rewrapped commit message, small rewording]
Signed-off-by: Johannes Berg <>
Signed-off-by: Herton Ronaldo Krzesinski <>
 net/mac80211/ibss.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)



diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 33d9d0c..ebf6425 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -1111,7 +1111,7 @@  int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
 	sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
 	sdata->u.ibss.ibss_join_req = jiffies;

-	memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN);
+	memcpy(sdata->u.ibss.ssid, params->ssid, params->ssid_len);
 	sdata->u.ibss.ssid_len = params->ssid_len;
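Review bot: the new memcpy() length on the `+` line, params->ssid_len, is not bounded against the destination in any line visible in this hunk. The old call copied exactly IEEE80211_MAX_SSID_LEN bytes into sdata->u.ibss.ssid, so the write side was fixed at that size. The new call fixes the over-read of params->ssid but makes the write length depend on the caller. If the cfg80211 layer already guarantees ssid_len <= IEEE80211_MAX_SSID_LEN, say so in the commit message or a comment. Otherwise reject or clamp the length before the copy. A second, smaller point on the same line: bytes of sdata->u.ibss.ssid past ssid_len are no longer overwritten and may hold data from an earlier join, so every reader of that buffer has to honour the ssid_len stored on the following line rather than treating the array as a full-length or NUL-terminated string.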