projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2023d18) | patch
staging: rtl8723au: Fix buffer overflow in rtw_get_wfd_ie()
authorJes Sorensen <Jes.Sorensen@redhat.com>
Tue, 15 Apr 2014 17:43:20 +0000 (19:43 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 15 Apr 2014 18:03:53 +0000 (11:03 -0700)
commit597baaff65b68d58ee035d556ddd6e2387c63c6d
tree08abf304fbcf3d9c9d31a65fd8a1dca70eb1f2dctree | snapshot (tar.gz zip)
parent2023d18e6b38c5490df0cd6f17a8e0f2ec6dae0fcommit | diff
staging: rtl8723au: Fix buffer overflow in rtw_get_wfd_ie()

Add bounds checking to not allow WFD Information Elements larger than
128, and make sure we use the correct buffer size MAX_WFD_IE_LEN
instea of hardcoding the size.

This also simplifies rtw_get_wfd_ie() by using the cfg80211
infrastructure.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/rtl8723au/core/rtw_ieee80211.c diff | blob | blame | history
drivers/staging/rtl8723au/core/rtw_mlme_ext.c diff | blob | blame | history
drivers/staging/rtl8723au/core/rtw_p2p.c diff | blob | blame | history
drivers/staging/rtl8723au/core/rtw_wlan_util.c diff | blob | blame | history