projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7199c67) | patch
mwifiex: Prevent memory corruption handling keys
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 8 Jul 2020 11:58:57 +0000 (14:58 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 19 Aug 2020 06:23:53 +0000 (08:23 +0200)
commitbacd54a4c1db3daad07a2a85cb79af6742f3c8a8
treebd342f98f13aa850b7e64dcfe6d20618506ec929tree
parent7199c67322f41eace1f8b22591eb160324d4a6e9commit | diff
mwifiex: Prevent memory corruption handling keys

[ Upstream commit e18696786548244914f36ec3c46ac99c53df99c3 ]

The length of the key comes from the network and it's a 16 bit number.  It
needs to be capped to prevent a buffer overflow.

Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200708115857.GA13729@mwanda
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/net/wireless/marvell/mwifiex/sta_cmdresp.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)