From 1c7e4a7c326c916918b5a29051db4f93973e775a Mon Sep 17 00:00:00 2001
From: Dan Carpenter <error27@gmail.com>
Date: Mon, 28 Dec 2009 19:01:34 +0200
Subject: [PATCH] Staging: otus: off by one in usbdrvwext_siwessid()

A 33 char ESSID is too long and it could cause a buffer overflow
a couple lines below when we put a NULL terminator on the end.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 drivers/staging/otus/ioctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/otus/ioctl.c b/drivers/staging/otus/ioctl.c
index 6808e69..86d9333 100644
--- a/drivers/staging/otus/ioctl.c
+++ b/drivers/staging/otus/ioctl.c
@@ -930,7 +930,7 @@ int usbdrvwext_siwessid(struct net_device *dev,
 		return -EINVAL;
 
 	if (essid->flags == 1) {
-		if (essid->length > (IW_ESSID_MAX_SIZE + 1))
+		if (essid->length > IW_ESSID_MAX_SIZE)
 			return -E2BIG;
 
 		if (copy_from_user(&EssidBuf, essid->pointer, essid->length))
-- 
2.7.4