Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 7f503fc49f144bb509dbd33daf3426df3f176e6b
commit7f503fc49f144bb509dbd33daf3426df3f176e6b[log] [tgz]
authorStanislaw Gruszka <stf_xl@wp.pl>Sun Jun 19 19:46:02 2011 +0200
committerJohn W. Linville <linville@tuxdriver.com>Wed Jun 22 16:09:44 2011 -0400
tree33c71c73da165d47b2d059311cce4a00dbf70bbb
parent9c803a03bc07553f8148d024c15c784b28c1d9ee [diff]
rt2x00: fix possible memory corruption in case of invalid rxdesc.size

Sometimes rxdesc descriptor provided by hardware contains invalid
(random) data. For example rxdesc.size can be bigger than actual
size of the buffer. When this happen rt2x00crypto_rx_insert_iv()
corrupt memory doing memmove outside of buffer boundaries.

Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
1 file changed
tree: 33c71c73da165d47b2d059311cce4a00dbf70bbb
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS