mwifiex: Fix possible buffer overflows at parsing bss descriptor - openslx/kernel-qcow2-linux.git

diff options

author	Takashi Iwai	2019-05-29 14:52:19 +0200
committer	Kalle Valo	2019-05-30 13:22:10 +0200
commit	13ec7f10b87f5fc04c4ccbd491c94c7980236a74 (patch)
tree	051fc20093146cd57bbaa8d8e224f08111443a8e /drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
parent	rtw88: Make some symbols static (diff)
download	kernel-qcow2-linux-13ec7f10b87f5fc04c4ccbd491c94c7980236a74.tar.gz kernel-qcow2-linux-13ec7f10b87f5fc04c4ccbd491c94c7980236a74.tar.xz kernel-qcow2-linux-13ec7f10b87f5fc04c4ccbd491c94c7980236a74.zip

mwifiex: Fix possible buffer overflows at parsing bss descriptor

mwifiex_update_bss_desc_with_ie() calls memcpy() unconditionally in a couple places without checking the destination size. Since the source is given from user-space, this may trigger a heap buffer overflow. Fix it by putting the length check before performing memcpy(). This fix addresses CVE-2019-3846. Reported-by: huangwen <huangwen@venustech.com.cn> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Diffstat (limited to 'drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: