Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 09914813da37f1ee9d77998a0701629cfbbd98f4
commit09914813da37f1ee9d77998a0701629cfbbd98f4[log] [tgz]
authorJohannes Berg <johannes@sipsolutions.net>Tue Oct 07 19:31:17 2008 +0200
committerJohn W. Linville <linville@tuxdriver.com>Tue Oct 14 20:47:15 2008 -0400
tree6577e7769862378abf62e6867a54b71da1dc12c6
parent3eadd751eb8cb8090a65b4fa72c6360fd1aa5f06 [diff]
mac80211: fix HT information element parsing

There's no checking that the HT IEs are of the right length
which can be used by an attacker to cause an out-of-bounds
access by sending a too short HT information/capability IE.
Fix it by simply pretending those IEs didn't exist when too
short.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
3 files changed
tree: 6577e7769862378abf62e6867a54b71da1dc12c6
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. usr/
  20. virt/
  21. .gitignore
  22. .mailmap
  23. COPYING
  24. CREDITS
  25. Kbuild
  26. MAINTAINERS
  27. Makefile
  28. README
  29. REPORTING-BUGS