Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / e6ff3f4e6d258021fe041d7acf5d013c26bf387b
commite6ff3f4e6d258021fe041d7acf5d013c26bf387b[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Tue Feb 04 01:38:35 2014 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Fri Feb 07 11:10:08 2014 -0800
tree875c3aec92b193722c89cf0494956b947bc159cb
parent893134b084e137b92476ec11ce90790b5f568bb9 [diff]
staging: r8188eu: overflow in rtw_p2p_get_go_device_address()

The go_devadd_str[] array is two characters too small to hold the
address so we corrupt memory.

I've changed the user space API slightly and I don't have a way to test
if this breaks anything.  In the original code we truncated away the
last digit of the address and the NUL terminator so it was already a bit
broken.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 875c3aec92b193722c89cf0494956b947bc159cb
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS