cfg80211: off by one in nl80211_trigger_scan()

The test is off by one so we'd read past the end of the
wiphy->bands[] array on the next line.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 28d2aa1..e83e7fe 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3464,7 +3464,7 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
                                    tmp) {
                        enum ieee80211_band band = nla_type(attr);
 
-                       if (band < 0 || band > IEEE80211_NUM_BANDS) {
+                       if (band < 0 || band >= IEEE80211_NUM_BANDS) {
                                err = -EINVAL;
                                goto out_free;
                        }