projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd27019) | patch
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 13 Aug 2020 14:13:15 +0000 (17:13 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 29 Oct 2020 08:07:03 +0000 (09:07 +0100)
commit3dd51af5f967795f90a4b27a1483ea9c1528575d
treec359ae4f375ab51ecc3259214f17f9814985ff62tree | snapshot (tar.gz zip)
parentcd27019bc149f20f12ebec943c2b4c775745a5a0commit | diff
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()

[ Upstream commit 54f9ab7b870934b70e5a21786d951fbcf663970f ]

The value for "aid" comes from skb->data so Smatch marks it as
untrusted.  If it's invalid then it can result in an out of bounds array
access in ath6kl_add_new_sta().

Fixes: 572e27c00c9d ("ath6kl: Fix AP mode connect event parsing and TIM updates")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200813141315.GB457408@mwanda
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/net/wireless/ath/ath6kl/main.c diff | blob | blame | history