Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 5a277e5b8179117c9e2544580c1e2ebc297a699d
commit5a277e5b8179117c9e2544580c1e2ebc297a699d[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Thu Aug 13 17:13:15 2020 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Oct 29 09:55:05 2020 +0100
tree91e2fcc489132257d3d33f8a4fa4576c7c97997b
parentaea63181b6fcb6b9ccde1ada9ea51be19c4015af [diff]
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()

[ Upstream commit 54f9ab7b870934b70e5a21786d951fbcf663970f ]

The value for "aid" comes from skb->data so Smatch marks it as
untrusted.  If it's invalid then it can result in an out of bounds array
access in ath6kl_add_new_sta().

Fixes: 572e27c00c9d ("ath6kl: Fix AP mode connect event parsing and TIM updates")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200813141315.GB457408@mwanda
Signed-off-by: Sasha Levin <sashal@kernel.org>
1 file changed
tree: 91e2fcc489132257d3d33f8a4fa4576c7c97997b
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README