Staging: otus: off by one in usbdrvwext_siwessid()

A 33 char ESSID is too long and it could cause a buffer overflow
a couple lines below when we put a NULL terminator on the end.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/staging/otus/ioctl.c b/drivers/staging/otus/ioctl.c
index 6808e69fb354970376bf93a9b837dac8a85cbb0b..86d93330acad4db399ced8b1874208d8654bcf35 100644 (file)
--- a/drivers/staging/otus/ioctl.c
+++ b/drivers/staging/otus/ioctl.c
@@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev,
                return -EINVAL;
 
        if (essid->flags == 1) {
-               if (essid->length > (IW_ESSID_MAX_SIZE + 1))
+               if (essid->length > IW_ESSID_MAX_SIZE)
                        return -E2BIG;
 
                if (copy_from_user(&EssidBuf, essid->pointer, essid->length))