Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 597baaff65b68d58ee035d556ddd6e2387c63c6d
commit597baaff65b68d58ee035d556ddd6e2387c63c6d[log] [tgz]
authorJes Sorensen <Jes.Sorensen@redhat.com>Tue Apr 15 19:43:20 2014 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Tue Apr 15 11:03:53 2014 -0700
tree08abf304fbcf3d9c9d31a65fd8a1dca70eb1f2dc
parent2023d18e6b38c5490df0cd6f17a8e0f2ec6dae0f [diff]
staging: rtl8723au: Fix buffer overflow in rtw_get_wfd_ie()

Add bounds checking to not allow WFD Information Elements larger than
128, and make sure we use the correct buffer size MAX_WFD_IE_LEN
instea of hardcoding the size.

This also simplifies rtw_get_wfd_ie() by using the cfg80211
infrastructure.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
4 files changed
tree: 08abf304fbcf3d9c9d31a65fd8a1dca70eb1f2dc
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS