Validate buffer room for feature flags from the driver
Add an explicit check to avoid buffer overflow while copying data from
attributes sent by the driver should the driver return an unexpectedly
long set of feature flags.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
diff --git a/sta.c b/sta.c
index 2bf121d..335a6b7 100644
--- a/sta.c
+++ b/sta.c
@@ -7389,7 +7389,7 @@
if (attr) {
int len = nla_len(attr);
- if (info && info->flags && len >= 0) {
+ if (info && info->flags && len <= sizeof(info->flags)) {
memcpy(info->flags, nla_data(attr), len);
info->flags_len = len;
}
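Review bot: The new bound on the added line compares the signed `int len` with `sizeof(info->flags)`, which is a `size_t`, so a negative length is rejected only because it is implicitly converted to a very large unsigned value. The `len >= 0` test this commit removes could be kept to make that explicit and avoid a sign-compare warning: `if (info && info->flags && len >= 0 && (size_t) len <= sizeof(info->flags)) {`. The bound is also correct only if `flags` is an array member of the struct. If it is a pointer, as the `info->flags` truth test might suggest, `sizeof` yields the pointer size rather than the buffer size; the declaration is not visible in this hunk, so that should be confirmed. An over-long attribute is now skipped silently with `flags_len` left unchanged, so a debug log in that case would help identify a misbehaving driver; the enclosing function starts and ends outside the hunk.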