Google Git
Sign in
kernel / pub / scm / linux / kernel / git / bwh / linux-stable / 60a613dc22ee9932c3ba67eadb08de357e36f01f
commit60a613dc22ee9932c3ba67eadb08de357e36f01f[log] [tgz]
authorQing Xu <m1s5p6688@gmail.com>Thu Jan 02 10:39:26 2020 +0800
committerBen Hutchings <ben@decadent.org.uk>Thu Jun 11 19:05:42 2020 +0100
tree086c36eef812740fcdb234d2ceab1c3e2d2b2a79
parentf0c210c885dbc5000d3c3e27723beedda5988cee [diff]
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

commit 3a9b153c5591548612c3955c9600a98150c81875 upstream.

mwifiex_ret_wmm_get_status() calls memcpy() without checking the
destination size.Since the source is given from remote AP which
contains illegal wmm elements , this may trigger a heap buffer
overflow.
Fix it by putting the length check before calling memcpy().

Signed-off-by: Qing Xu <m1s5p6688@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
1 file changed
tree: 086c36eef812740fcdb234d2ceab1c3e2d2b2a79
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS