| From 1b5e2423164b3670e8bc9174e4762d297990deff Mon Sep 17 00:00:00 2001 |
| From: Arend van Spriel <arend.vanspriel@broadcom.com> |
| Date: Thu, 14 Feb 2019 13:43:47 +0100 |
| Subject: brcmfmac: assure SSID length from firmware is limited |
| |
| From: Arend van Spriel <arend.vanspriel@broadcom.com> |
| |
| commit 1b5e2423164b3670e8bc9174e4762d297990deff upstream. |
| |
| The SSID length as received from firmware should not exceed |
| IEEE80211_MAX_SSID_LEN as that would result in heap overflow. |
| |
| Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> |
| Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> |
| Reviewed-by: Franky Lin <franky.lin@broadcom.com> |
| Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> |
| Signed-off-by: Kalle Valo <kvalo@codeaurora.org> |
| Cc: Ben Hutchings <ben.hutchings@codethink.co.uk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c |
| +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c |
| @@ -3474,6 +3474,8 @@ brcmf_wowl_nd_results(struct brcmf_if *i |
| } |
| |
| netinfo = brcmf_get_netinfo_array(pfn_result); |
| + if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN) |
| + netinfo->SSID_len = IEEE80211_MAX_SSID_LEN; |
| memcpy(cfg->wowl.nd->ssid.ssid, netinfo->SSID, netinfo->SSID_len); |
| cfg->wowl.nd->ssid.ssid_len = netinfo->SSID_len; |
| cfg->wowl.nd->n_channels = 1; |
