Update compat-wireless to 2.6.36-5-spn

chromeos/compat-wireless/net/wireless/wext-core.c

Index: chromeos/compat-wireless/net/wireless/wext-core.c
diff --git a/chromeos/compat-wireless/net/wireless/wext-core.c b/chromeos/compat-wireless/net/wireless/wext-core.c
index 46801c3e7492ed57411bd4dbdfcbdbc2fe7d3455..659216c92b10700d3b0d534f1e3293c25f953c81 100644
--- a/chromeos/compat-wireless/net/wireless/wext-core.c
+++ b/chromeos/compat-wireless/net/wireless/wext-core.c
@@ -815,6 +815,22 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
 		}
 	}
 
+	if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
+		/*
+		 * If this is a GET, but not NOMAX, it means that the extra
+		 * data is not bounded by userspace, but by max_tokens. Thus
+		 * set the length to max_tokens. This matches the extra data
+		 * allocation.
+		 * The driver should fill it with the number of tokens it
+		 * provided, and it may check iwp->length rather than having
+		 * knowledge of max_tokens. If the driver doesn't change the
+		 * iwp->length, this ioctl just copies back max_token tokens
+		 * filled with zeroes. Hopefully the driver isn't claiming
+		 * them to be valid data.
+		 */
+		iwp->length = descr->max_tokens;
+	}
+
 	err = handler(dev, info, (union iwreq_data *) iwp, extra);
 
 	iwp->length += essid_compat;